Serhiy-Storchaka

#21425 of 53,633
11.4 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2025-21282
5.9
2025-05-15
Python · Cpython · CVE-2025-4516
Name of the Vulnerable Software and Affected Versions: CPython (affected versions not specified)

Description: The issue arises when using `bytes.decode()` with the `unicode_escape` encoding and an error handler set to "ignore" or "replace". Users not utilizing this specific encoding or error handler are not affected.

Recommendations: To work around this issue, consider stopping the use of the error handler in the `bytes.decode()` call and instead wrap it in a try-except block to catch the DecodeError.
PT-2025-48536
5.5
2024-05-21
Python · Python · CVE-2025-13837
**Name of the Vulnerable Software and Affected Versions** python3.9, python3.11, python3.13

**Description** The plistlib module does not properly validate the size of plist files during loading. A malicious plist file can specify a size that causes the module to attempt to allocate an excessive amount of memory, leading to an out-of-memory (OOM) condition and potential denial-of-service (DoS) issues.

**Recommendations** For python3.9, avoid loading plist files from untrusted sources. For python3.11, avoid loading plist files from untrusted sources. For python3.13, avoid loading plist files from untrusted sources.