Unrated severityNVD Advisory· Published Jun 6, 2008· Updated Apr 23, 2026

CVE-2008-2575

Description

cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.

Affected products

Jcoppens/Cbrpager
cpe:2.3:a:jcoppens:cbrpager:*:*:*:*:*:*:*:*
Range: <0.9.17
Fedoraproject/Fedora3 versions
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sourceforge.net/forum/forum.phpnvdBroken LinkPatch
sourceforge.net/project/shownotes.phpnvdPatch
cvs.fedoraproject.org/viewcvs/rpms/cbrpager/devel/cbrpager-0.9.16-filen-shell-escaping.patchnvdBroken LinkExploit
secunia.com/advisories/30417nvdBroken LinkVendor Advisory
secunia.com/advisories/30438nvdBroken LinkVendor Advisory
security.gentoo.org/glsa/glsa-200806-05.xmlnvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/42741nvdThird Party AdvisoryVDB Entry
secunia.com/advisories/30701nvdBroken Link
www.jcoppens.com/soft/cbrpager/log.en.phpnvdRelease Notes
www.vupen.com/english/advisories/2008/1693/referencesnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000