Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-gjrg-mpp7-g774 | py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size |
Thu, 09 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 09 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Wed, 08 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Miurahr
Miurahr py7zr |
|
| Vendors & Products |
Miurahr
Miurahr py7zr |
Wed, 08 Jul 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress() extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expands to 100 MB to exhaust disk or memory before extraction completes. This issue is fixed in version 1.1.3. | |
| Title | py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size | |
| Weaknesses | CWE-409 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-09T14:06:02.499Z
Reserved: 2026-06-16T15:20:43.087Z
Link: CVE-2026-55195
Updated: 2026-07-09T14:05:45.735Z
No data.
OpenCVE Enrichment
Updated: 2026-07-09T04:15:12Z
Github GHSA