Zip bomb

Malicious archive file designed to disrupt the program or system reading it
title: "Zip bomb" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["algorithmic-complexity-attacks", "computer-archives", "denial-of-service-attacks", "types-of-malware"] description: "Malicious archive file designed to disrupt the program or system reading it" topic_path: "general/algorithmic-complexity-attacks" source: "https://en.wikipedia.org/wiki/Zip_bomb" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0
::summary Malicious archive file designed to disrupt the program or system reading it ::
::figure[src="https://upload.wikimedia.org/wikipedia/commons/f/fb/Archivbomben_VirtualBox_Ubuntu_22.10_18_12_2022_12_27_59.png" caption="Overview of some archive bombs, including 42.zip."] ::
In computing, a zip bomb, also known as a decompression bomb or zip of death (ZOD), is a malicious archive file designed to crash or render useless the program or system reading it. The older the system or program, the less likely it is that the zip bomb will be detected. It is often employed to disable antivirus software, in order to create an opening for more traditional malware.
Rather than hijacking a program's operation, a zip bomb lets the program function normally but hands it an archive that requires an excessive amount of time, disk space, computational power, or memory to unpack.
Most modern antivirus programs can detect zip bombs and prevent the user from extracting anything from them.
Details and use
A zip bomb is usually a small file for ease of transport and to avoid suspicion. However, when the file is unpacked, its contents are more than the system can handle.
A famous example of a zip bomb is titled 42.zip, which is a zip file of unknown authorship consisting of 42 kilobytes of compressed data, containing five layers of nested zip files in sets of 16, each bottom-layer archive containing a 4.3-gigabyte file for a total of (; − ) of uncompressed data.
In many anti-virus scanners, only a few layers of recursion are performed on archives to help prevent attacks that would cause a buffer overflow, an out-of-memory condition, or exceed an acceptable amount of program execution time. Zip bombs often rely on repetition of identical files to achieve their extreme compression ratios. Dynamic programming methods can be employed to limit traversal of such files, so that only one file is followed recursively at each level, effectively converting their exponential growth to linear.
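The limited traversal described above, as an added Python sketch (not code from the article or from any scanner): it sizes a nested ZIP without writing anything to disk, keys each nested archive by SHA-256 so identical copies are walked only once, and stops at a depth or total-size limit. The limit values and the names `BombSuspected`, `expanded_size`, `_zip` and `build_nested` (a small constructed fixture) are assumptions made for the example.

```python
import hashlib
import io
import zipfile

# Assumed policy limits for this sketch (not values from the article).
MAX_DEPTH = 8          # nesting levels followed before giving up
MAX_NESTED = 1 << 20   # largest member read and sniffed as a nested archive
MAX_TOTAL = 1 << 30    # refuse anything that would expand past 1 GiB

class BombSuspected(Exception):
    """A limit was crossed while sizing the archive; nothing was extracted."""

def expanded_size(data, depth=0, memo=None):
    """Return the payload bytes a full recursive unpack of `data` would yield."""
    memo = {} if memo is None else memo
    key = hashlib.sha256(data).digest()
    if key in memo:                 # identical archive already sized:
        return memo[key]            # reuse the result instead of re-walking it
    if depth > MAX_DEPTH:
        raise BombSuspected("nesting deeper than MAX_DEPTH")
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            size = info.file_size   # declared size from the archive metadata
            if size <= MAX_NESTED:  # small enough to read and inspect
                blob = zf.read(info)  # zipfile yields at most the declared size
                if zipfile.is_zipfile(io.BytesIO(blob)):
                    size = expanded_size(blob, depth + 1, memo)
            total += size
            if total > MAX_TOTAL:
                raise BombSuspected("expansion exceeds MAX_TOTAL")
    memo[key] = total
    return total

def _zip(members):
    """Build an in-memory ZIP from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_nested(fan_out, layers, leaf_bytes):
    """Constructed test fixture: `layers` levels of `fan_out` identical copies."""
    blob = _zip({"payload.bin": b"\0" * leaf_bytes})
    for _ in range(layers):
        blob = _zip({f"copy{i}.zip": blob for i in range(fan_out)})
    return blob
```

Passing your own `memo` dict lets you see how many distinct archives were actually parsed: for a fixture with 4 copies per level and 3 levels, that is 4 archives rather than the 85 a naive walk would open.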
::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::