posted by hubie on Tuesday December 23, @04:57PM
https://www.bamsoftware.com/hacks/zipbomb/
This article shows how to construct a non-recursive zip bomb that achieves a high compression ratio by overlapping files inside the zip container. "Non-recursive" means that it does not rely on a decompressor's recursively unpacking zip files nested within zip files: it expands fully after a single round of decompression. The output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB → 281 TB) at the limits of the zip format. Even greater expansion is possible using 64-bit extensions. The construction uses only the most common compression algorithm, DEFLATE, and is compatible with most zip parsers.
(Score: 2, Informative) by Anonymous Coward on Tuesday December 23, @05:21PM
Some existing decompressors will bitch and bail out if overlapping files in a zip container.
I ran into this with Saleae .sal capture files.