Compression is useful. But in the wrong hands, it can be lethal. Lethal to computer applications, at least.
Decompression bomb vulnerabilities
This is fascinating. A 69745-byte bzip2 file that decompresses to 100 GB. A 25527-byte GIF file that decompresses to 288 MB. And a bzip2 file inside a bzip2 file, compressed to 220 bytes, that expands to 100 GB.
Posted by Doug Sauder at February 6, 2004 09:33 AM
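An added example, not part of the original post: one way an application can defend against the bzip2 cases described above is to decompress incrementally against a hard output budget, and to charge nested layers to that same budget. The function names, the limits and the constructed sample bomb are assumptions made for illustration.

```python
import bz2

BZ2_MAGIC = b"BZh"  # every bzip2 stream starts with these bytes

class DecompressionLimitExceeded(Exception):
    """Raised when decompressed output would exceed the caller's budget."""

def bounded_bunzip2(data, max_output, chunk=64 * 1024):
    """Decompress one bzip2 stream, stopping as soon as max_output is passed."""
    dec = bz2.BZ2Decompressor()
    out = bytearray()
    while not dec.eof:
        # Ask for at most one byte past the budget so an overrun is detectable.
        want = min(chunk, max_output - len(out) + 1)
        piece = dec.decompress(data, max_length=want)
        data = b""  # the decompressor buffers unconsumed input internally
        if not piece and dec.needs_input:
            raise ValueError("truncated bzip2 stream")
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded(f"output exceeds {max_output} bytes")
    return bytes(out)

def unpack_layers(data, max_total, max_depth=3):
    """Peel nested bzip2 layers, charging every layer to one shared budget."""
    budget, depth = max_total, 0
    while data[:3] == BZ2_MAGIC:
        if depth == max_depth:
            raise DecompressionLimitExceeded(f"more than {max_depth} nested layers")
        data = bounded_bunzip2(data, budget)
        budget -= len(data)
        depth += 1
    return data, depth

def make_sample_bomb(size=5_000_000):
    """Constructed sample input: zeros compressed twice (bzip2 inside bzip2)."""
    return bz2.compress(bz2.compress(b"\0" * size))

if __name__ == "__main__":
    bomb = make_sample_bomb()
    print(len(bomb), "compressed bytes")
    try:
        unpack_layers(bomb, max_total=1_000_000)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

The budget is enforced on output actually produced, not on any size field in the file, so a crafted header cannot talk the check out of firing.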