** Changed in: file-roller Status: New => Confirmed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to file-roller in Ubuntu. https://bugs.launchpad.net/bugs/183660
Title: Denial of service through decompression bombs Status in File Roller: Confirmed Status in file-roller package in Ubuntu: Triaged Bug description: Decompression bombs, which result from a small file being uncompressed into a bigger one, can freeze the current application such as a browser, virus scanner, search tool and create system instability. More information about this can be found here: http://www.aerasec.de/security/advisories/decompression-bomb- vulnerability.html Sorry if this is already known of/unpreventable, but it can really harm and freeze a computer, depending on the size of the compressed file. Examples are available off the previous link. Expected Behavior: An alert shown to the user, earlier termination of the application opening such file, or end in processing of that file. Actual behavior: Application freezes (ui) and eventually the whole system starts lagging. Perhaps applications should have a "maximum cpu usage allowed" or something like that? To manage notifications about this bug go to: https://bugs.launchpad.net/file-roller/+bug/183660/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp