Description
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress() extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expands to 100 MB to exhaust disk or memory before extraction completes. This issue is fixed in version 1.1.3.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-gjrg-mpp7-g774 | py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size |
References
History
Wed, 08 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Miurahr
Miurahr py7zr |
|
| Vendors & Products |
Miurahr
Miurahr py7zr |
Wed, 08 Jul 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress() extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expands to 100 MB to exhaust disk or memory before extraction completes. This issue is fixed in version 1.1.3. | |
| Title | py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size | |
| Weaknesses | CWE-409 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-08T20:30:58.654Z
Reserved: 2026-06-16T15:20:43.087Z
Link: CVE-2026-55195
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T21:30:08Z
Weaknesses
-
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
Github GHSA