python · py7zrHeads-up

py7zr: PackInfo._read() O(n^2) cumulative sum in archiveinfo.py

PackInfo._read() in archiveinfo.py uses an O(n^2) cumulative sum pattern where numstreams is read directly from the archive header, causing excessive CPU consum

20 Jun 2026Read 1 minSeverity: schedule it

What changed

PackInfo._read() in archiveinfo.py uses an O(n^2) cumulative sum pattern where numstreams is read directly from the archive header, causing excessive CPU consumption during SevenZipFile.__init__().

Who it affects

Any application that opens .7z archives from untrusted sources using py7zr.SevenZipFile().

What to do today

Replace the O(n^2) cumulative sum with an O(n) cumulative sum using itertools.accumulate.

The trail

Collected→ Audited→ Written→ Published

Source

GitHub Advisory · py7zr

py7zr: PackInfo._read() O(n^2) cumulative sum in archiveinfo.py

What changed

Who it affects

What to do today

More on py7zr

JupyterLab Extension Manager XSS via Malicious PyPI Package URLs

python-liquid DoS via malformed {% case %} tag