New submission from Tarmo Randel:

The problem: miscreants are modifying ZIP file header parts so, that Python 
based automated analysis tools are unable to process the contents of the ZIP 
file but intended clients are able to open the file and extract the possibly 
malicious contents.

Github pull request contains patch addressing the issue so that developer can 
make conscious decision to allow extraction process to complete. Quite 
important feature for security researchers.

components: Library (Lib)
files: ZIP_filename_confusion.pdf
messages: 300080
nosy: zyxtarmo
priority: normal
pull_requests: 3094
severity: normal
status: open
title: Exception while extracting file from ZIP with non-matching file name in 
central directory
type: behavior
versions: Python 2.7
Added file:

Python tracker <>
Python-bugs-list mailing list

Reply via email to