CVE-2008-2575

cbrpager < 0.9.17 - OS Command Injection via Archive Filename

Title source: llm
STIX 2.1

Description

cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.

References (11)

Core 11
Core References
Release Notes x_refsource_confirm
http://www.jcoppens.com/soft/cbrpager/log.en.php
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1693/references
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200806-05.xml
Broken Link, Patch x_refsource_confirm
http://sourceforge.net/forum/forum.php?forum_id=827120
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=448285
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30417
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42741
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30438
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30701

Scores

EPSS 0.0265
EPSS Percentile 83.7%

Details

CWE
CWE-78
Status published
Products (4)
fedoraproject/fedora 7
fedoraproject/fedora 8
fedoraproject/fedora 9
jcoppens/cbrpager < 0.9.17
Published Jun 06, 2008
Tracked Since Feb 18, 2026