diff -aruN reportlab-3.4.0/src/reportlab/platypus/paraparser.py reportlab-3.4.0.alma/src/reportlab/platypus/paraparser.py
--- reportlab-3.4.0/src/reportlab/platypus/paraparser.py	2017-03-07 13:17:00
+++ reportlab-3.4.0.alma/src/reportlab/platypus/paraparser.py	2023-10-18 15:29:30
@@ -841,7 +841,11 @@
                 v = '\0'
         elif 'code' in attr:
             try:
-                v = int(eval(attr['code']))
+                v = attr['code'].lower()
+                if v.startswith('0x'):
+                    v = int(v,16)
+                else:
+                    v = int(v,0)    #treat as a python literal would be
                 v = chr(v) if isPy3 else unichr(v)
             except:
                 self._syntax_error('<unichar/> invalid code attribute %s' % ascii(attr['code']))
diff -aruN reportlab-3.4.0/tests/test_platypus_paragraphs.py reportlab-3.4.0.alma/tests/test_platypus_paragraphs.py
--- reportlab-3.4.0/tests/test_platypus_paragraphs.py	2017-03-07 13:17:00
+++ reportlab-3.4.0.alma/tests/test_platypus_paragraphs.py	2023-10-18 15:29:30
@@ -306,6 +306,13 @@
         doc = MyDocTemplate(outputfile('test_platypus_imageandflowables.pdf'),showBoundary=1)
         doc.multiBuild(story)
 
+    def test_unicharCodeSafety(self):
+        """test a bug reported by ravi prakash giri <raviprakashgiri@gmail.com>"""
+        normal = getSampleStyleSheet()['BodyText']
+        self.assertRaises(Exception,Paragraph,
+                """<unichar code="open('/tmp/test.txt','w').write('Hello from unichar')"/>""",
+                normal)
+
 class TwoFrameDocTemplate(BaseDocTemplate):
     "Define a simple document with two frames per page."