[Dshield] Decompression Bombs

Mike Blomgren mike.blomgren at secode.com
Thu Feb 5 16:44:02 GMT 2004


This has been known for some time. There's a .zip floating around called
42.zip which does just that. It supposedly creates a hierarchy of files
totalling 4.5PB. That's Peta Bytes. Unverified, though...

~Mike


> > > The bottom line: Take an extremely large file (100sGB) containing
> > > only a single byte value (such as x00), compress it, and you end up
> > > with a tiny file (~>64KB). Take that file and use it as an email
> > > attachment, part of a web page, etc., that when it is decompressed,
> > > will crash the program that invoked the decompressor.
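
A defensive counterpart to the behaviour discussed in this thread, added here as an example and not part of the original posts: inflating untrusted zlib data in bounded pieces with a hard output cap, so an oversized expansion is rejected instead of exhausting memory. The names `bounded_decompress`, `DecompressionLimitExceeded` and `constructed_sample`, and the 1 MiB default cap, are assumptions chosen for illustration.

```python
import zlib

class DecompressionLimitExceeded(Exception):
    """The stream would inflate past the configured output cap."""

def bounded_decompress(data: bytes, max_output: int = 1 << 20,
                       chunk: int = 64 * 1024) -> bytes:
    """Inflate a zlib stream, producing at most max_output bytes.

    Output is pulled in pieces of at most `chunk` bytes so memory use stays
    bounded no matter what size the compressed input expands to.
    """
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not d.eof:
        # Ask for one byte beyond the remaining budget so that "exactly at
        # the cap" and "over the cap" can be told apart. Never 0, which
        # zlib treats as "no limit".
        want = min(chunk, max_output - len(out) + 1)
        piece = d.decompress(buf, want)
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"{len(data)} compressed bytes expand past {max_output}")
        buf = d.unconsumed_tail  # input zlib has not consumed yet
        if not piece and not buf and not d.eof:
            raise ValueError("truncated or incomplete zlib stream")
    return bytes(out)

def constructed_sample(size: int) -> bytes:
    """Constructed test input: `size` zero bytes, zlib-compressed."""
    return zlib.compress(bytes(size), 9)

if __name__ == "__main__":
    sample = constructed_sample(8 * 1024 * 1024)
    print(f"compressed size: {len(sample)} bytes")
    try:
        bounded_decompress(sample)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

The cap applies to one stream only; nested archives need the same budget enforced cumulatively across every level that is unpacked.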



