On 31/01/2020 15.04, VanguardLH wrote:
"Carlos E.R." wrote:

The archiving program could have a feature that as you hover over a file
name, it opens a quickview of it.

Which is why I mentioned an archive viewer that shows thumbnails of
image files within the archive could expose a vulnerability in whatever
is the handler to render those thumbnails. Plus, to show a thumbnail of
an image file in an archive means having to first extract it, so some
viewer could show it. After all, while inside the archive, an image
file is no longer an image file.

I was thinking of previews of any file contained in the zip archive, no
matter what. Can be an office file, for example. No, I do not know any
zip archiver that does this, but there might be one.

It is encoded using whatever archive
format you choose along with whatever compression level you choose and
is a record in a database. That record would have to get extracted to
be in a file in a format understood by an image viewer. The bits inside
the archive are no longer an image, even if you don't compress.
Extraction, as you mentioned even if automatic, is when malware could
become enabled depending on what handler actually opened the file.

7-Zip doesn't preview image files within the archive. Peazip looks like
it does (https://www.peazip.org/screenshots-peazip-1.html), except that
is when using its more modern GUI as a file manager (i.e., you enable
the thumbnail view in Peazip, but are looking at image files in the OS
file system, not inside an archive). When I created a .zip file
containing image files, and opened it in Peazip, it would not extract
(to temporary folder) the image files to then show a thumbnail for them.
It showed a generic image icon for the image files within the archive.



--
Cheers, Carlos.