My ZIP isn't your ZIP: Identifying and exploiting semantic gaps between parsers
ZIP is one of the most popular archive formats. It is used not only as archive files, but also as the container for other file formats, including office documents, Android applications, Java archives, and many more. Despite its ubiquity, the ZIP file format specification is imprecisely specified, posing the risk of semantic gaps between implementations that can be exploited by attackers. While prior research has reported individual such vulnerabilities, there is a lack of systematic studies for