** Changed in: file-roller
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/183660

Title:
  Denial of service through decompression bombs

Status in File Roller:
  Confirmed
Status in file-roller package in Ubuntu:
  Triaged

Bug description:
  Decompression bombs, which result from a small file being uncompressed
  into a bigger one, can freeze the current application such as a
  browser, virus scanner, search tool and create system instability.
  More information about this can be found here:

  http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html

  Sorry if this is already known of/unpreventable, but it can really
  harm and freeze a computer, depending on the size of the compressed
  file. Examples are available off the previous link.

  Expected Behavior: An alert shown to the user, earlier termination of
  the application opening such file, or end in processing of that file.

  Actual behavior: Application freezes (ui) and eventually the whole
  system starts lagging. Perhaps applications should have a "maximum cpu
  usage allowed" or something like that?

To manage notifications about this bug go to:
https://bugs.launchpad.net/file-roller/+bug/183660/+subscriptions
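
The "earlier termination" behaviour asked for in the report, sketched as an added example that is not part of the bug report and is not file-roller code: a zlib stream is inflated in bounded steps and refused once an output-size or expansion-ratio budget is exceeded. The function names and all limit values are assumptions chosen for illustration, and a single zlib stream stands in for a full archive format.

```python
import zlib

class DecompressionLimitExceeded(Exception):
    """Raised when inflating would exceed the configured output budget."""

def bounded_decompress(data, max_output=64 * 2**20, max_ratio=200,
                       ratio_floor=2**20, chunk=64 * 1024):
    """Inflate a zlib stream in bounded steps and abort early on a bomb.

    All limits are assumed values for this example, not file-roller settings.
    """
    inflater = zlib.decompressobj()
    out = bytearray()
    pending = data
    while pending:
        # max_length=chunk caps the output of each call, so the limits are
        # checked before the full expanded size is ever allocated.
        out += inflater.decompress(pending, chunk)
        _check_limits(len(out), len(data), max_output, max_ratio, ratio_floor)
        pending = inflater.unconsumed_tail
    out += inflater.flush()
    _check_limits(len(out), len(data), max_output, max_ratio, ratio_floor)
    if not inflater.eof:
        raise ValueError("truncated or incomplete zlib stream")
    return bytes(out)

def _check_limits(produced, input_size, max_output, max_ratio, ratio_floor):
    if produced > max_output:
        raise DecompressionLimitExceeded(
            f"size limit: {produced} > {max_output} bytes")
    # The floor keeps small, repetitive but harmless inputs from tripping
    # the ratio check.
    if produced > ratio_floor and produced > max_ratio * input_size:
        raise DecompressionLimitExceeded(
            f"ratio limit: more than {max_ratio}:1 expansion")

if __name__ == "__main__":
    # Constructed sample input: 8 MiB of zero bytes, compressed in memory.
    bomb = zlib.compress(b"\0" * (8 * 2**20))
    try:
        bounded_decompress(bomb, max_output=2**20)
    except DecompressionLimitExceeded as exc:
        print(f"refused {len(bomb)}-byte input: {exc}")
```

Because the check runs after every 64 KiB step, the caller can show an alert or stop processing while memory use is still close to the configured budget.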
