Added a simple check on the input filename to ensure that it is an actual PDF prior to handing off to ImageMagick. Without this check, malicious files masquerading as PDFs can trigger arbitrary command execution.
Because this tool is only supported by Mac and Linux, this is accomplished using the system command file and verifying its output.
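
One way to implement the check described above, as an added example that is not the project's own code. The function names `is_real_pdf` and `guarded_convert` are hypothetical, and the `convert` invocation is an assumption about how ImageMagick is called.

```shell
#!/bin/sh
# Added example (not the project's code): verify a file's content type with
# file(1) before passing it to ImageMagick. Function names are hypothetical.

# is_real_pdf PATH
# Returns 0 only when file(1) identifies PATH as a PDF by its content.
# Returns 2 if file(1) is missing, 1 for anything else (fail closed).
is_real_pdf() {
    candidate=$1
    command -v file >/dev/null 2>&1 || return 2
    # Require a regular file; reject symlinks, directories and missing paths.
    if [ ! -f "$candidate" ] || [ -L "$candidate" ]; then
        return 1
    fi
    # --brief omits the filename from the output, so the name cannot affect
    # the comparison; "--" stops option parsing for names starting with "-".
    detected=$(file --brief --mime-type -- "$candidate") || return 1
    [ "$detected" = "application/pdf" ]
}

# guarded_convert INPUT OUTPUT
# Calls ImageMagick only after the content check passes.
guarded_convert() {
    if ! is_real_pdf "$1"; then
        echo "refusing to convert: $1 is not detected as a PDF" >&2
        return 1
    fi
    # Assumed invocation; the project's real ImageMagick call may differ.
    convert "$1" "$2"
}

# Run as: sh check_pdf.sh input.pdf output.png
if [ "$#" -eq 2 ]; then
    guarded_convert "$1" "$2"
fi
```

`file` identifies content by its signature, so this check complements rather than replaces restricting coders in ImageMagick's `policy.xml`.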