dputtick
commented
7 years ago I'm going to close this, since CIRCLean now uses filecheck.py from PyCIRCLean instead of generic.py. Filecheck uses PDFiD instead. Also, the current version of libpoppler-dev for Ubuntu 14.04 is 0.24.5, which has this patch. On recent Debian versions 0.26.5 is the current version.
As CIRCLean is using libpoppler, it might interesting to know if this patch is included in the version of the poppler library used:
http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40 commit message -> Filter stuff that might end up in the shell
I'm pretty sure that is could be misused to execute code on the cleaner itself.