TIL There's a zip file titled '42.zip'. It's known as a zip bomb or 'zip of death' because it's original size is only 42 kilobytes. But when it's uncompressed, it expands to 4.5 petabytes (4,500,000 gigabytes), crashing the antivirus program and then the system.

It works by exploiting a characteristic of the specification of the zip format.

When I "zip a file", I create another file, which, if someone unzips it using the specification, will get the original data back. Basically it is an encoding, that takes up less space than the original data.

However, there are a number of data, that don't give a meaningful result, when someone tries to unzip them. Most of the time, the unzipper will just say that the data is corrupted, because while trying to unzip it (that is, trying to follow the specification), at some point the program, that carries out the unzipping, will reach a state it shouldn't.

But there are a few cases, where the unzipping either never stops (an infinite cycle happens), or it stops, but only after very long time. These are the zip bombs - they are a hand-crafted way of abusing the specification, so that they are still "technically correct" zip files from the specification's point of view.

/r/todayilearned Thread Parent Link - scienceabc.com