Extracting compressed files produced by any compression algorithm, such as gzip, can lead to denial-of-service attacks.

An attacker can compress a huge file made of repeated, similar bytes into a very small compressed file.

When you decompress a user-provided compressed file, you must either check the decompression ratio or read the file within a loop byte by byte, so that you can track the decompressed size in each cycle of the loop.

Python's ZipFile library is vulnerable by default.

By reading the decompressed size declared in the input zip file you can compute the decompression ratio, but attackers can forge this decompressed-size header too, so you cannot rely on the file_size attribute of the ZipInfo class. It is recommended to use the "ZipFile.open" method so that you can manage the decompressed size yourself.

Reading the decompressed data byte by byte and verifying the running total size in each loop cycle is recommended with any decompression library.
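The streaming check described above, as an added example that is not part of the original page: each member is read through ZipFile.open in chunks, and both a cumulative output cap and a per-member ratio check are re-evaluated on every chunk, so a forged size header cannot bypass them. The limit values, the chunk size and the sample archives are assumptions chosen for this demo.

```python
import io
import zipfile

# Demo limits (assumptions, tune for your workload): absolute cap on total
# decompressed output per archive, and the highest ratio accepted per member.
MAX_TOTAL_BYTES = 1_000_000
MAX_RATIO = 100
CHUNK = 64 * 1024


class DecompressionLimitExceeded(Exception):
    pass


def safe_read_zip(data: bytes) -> dict:
    """Decompress every member via ZipFile.open, streaming in chunks and
    re-checking size and ratio after each chunk instead of trusting headers."""
    out = {}
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # compress_size also comes from the header, so the ratio check is a
            # heuristic; the absolute cap on total output is the real backstop.
            compressed = max(info.compress_size, 1)
            buf = io.BytesIO()
            with zf.open(info) as member:
                while True:
                    chunk = member.read(CHUNK)
                    if not chunk:
                        break
                    total += len(chunk)
                    if total > MAX_TOTAL_BYTES:
                        raise DecompressionLimitExceeded(f"{info.filename}: total output over cap")
                    if buf.tell() + len(chunk) > compressed * MAX_RATIO:
                        raise DecompressionLimitExceeded(f"{info.filename}: suspicious ratio")
                    buf.write(chunk)
            out[info.filename] = buf.getvalue()
    return out


def make_zip(name: str, payload: bytes) -> bytes:
    """Constructed sample archive for the demo (not from the page)."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return bio.getvalue()


def is_rejected(data: bytes) -> bool:
    try:
        safe_read_zip(data)
        return False
    except DecompressionLimitExceeded:
        return True


BENIGN_TEXT = b"".join(b"line %d: some ordinary text\n" % i for i in range(100))
BENIGN = make_zip("notes.txt", BENIGN_TEXT)
BOMB = make_zip("bomb.bin", b"\x00" * 5_000_000)  # 5 MB of zeros, ~5 KB compressed
```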

  • CVE-2023-22898
  • A research paper on gaining more impact from this kind of attack