3 matches found
AZL-76499 CVE-2026-1703 affecting package python3 3.9.19-19
When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...
AZL-75050 CVE-2025-15367 affecting package python3 3.9.19-19
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...
AZL-71275 CVE-2025-13837 affecting package python3 3.9.19-19
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...