CVE-2008-2575
cbrpager < 0.9.17 - OS Command Injection via Archive Filename
Title source: llmDescription
cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.
References (11)
Core 11
Core References
Release Notes x_refsource_confirm
http://www.jcoppens.com/soft/cbrpager/log.en.php
Broken Link, Exploit x_refsource_confirm
http://cvs.fedoraproject.org/viewcvs/rpms/cbrpager/devel/cbrpager-0.9.16-filen-shell-escaping.patch?rev=1.2
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1693/references
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200806-05.xml
Broken Link, Patch x_refsource_confirm
http://sourceforge.net/forum/forum.php?forum_id=827120
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=448285
Patch x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=601538&group_id=119647
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30417
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42741
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30438
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30701
Scores
EPSS
0.0265
EPSS Percentile
83.7%
Details
CWE
CWE-78
Status
published
Products (4)
fedoraproject/fedora
7
fedoraproject/fedora
8
fedoraproject/fedora
9
jcoppens/cbrpager
< 0.9.17
Published
Jun 06, 2008
Tracked Since
Feb 18, 2026