Because the filename that gets passed into pdf-redact-tools then gets passed into ImageMagick's convert, it's possible that a filename beginning with - could lead to command injection by specifying args to convert.
Even before this patch, this doesn't seem exploitable because argparse already rejects filenames that start with -:
But just in case someone could figure out how to specify a filename that begins with a -, this patch will validate against it.
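The check described above, sketched as an added example (not code from pdf-redact-tools): it shows argparse rejecting a positional that begins with `-`, plus a validator that holds regardless of how the name reaches the program. The function names, the output pattern and the `convert` arguments are assumptions made for illustration.

```python
import argparse
import os


def parse_filename(argv):
    """Parse one positional filename, as a CLI front end would."""
    parser = argparse.ArgumentParser(prog="redact-example")  # hypothetical program name
    parser.add_argument("filename")
    return parser.parse_args(argv).filename


def validate_filename(filename):
    """Reject names that an external tool could interpret as an option."""
    if not filename:
        raise ValueError("filename must not be empty")
    if filename.startswith("-"):
        raise ValueError("filename must not begin with '-'")
    return filename


def build_convert_argv(filename, out_pattern="page-%04d.png"):
    """Build an argv list (no shell involved) for ImageMagick's convert.

    The argument layout is assumed for this example; it is not the
    project's actual command line.
    """
    checked = validate_filename(filename)
    # An absolute path can never start with '-', so the check above and
    # this normalisation back each other up.
    absolute = os.path.abspath(checked)
    return ["convert", "-density", "128", absolute, out_pattern]


if __name__ == "__main__":
    # Constructed sample inputs.
    print(build_convert_argv("doc.pdf"))
    try:
        build_convert_argv("-sample.pdf")
    except ValueError as err:
        print("rejected:", err)
```

Passing the result to `subprocess` as a list keeps the filename a single argument; the validator covers callers that bypass the argument parser, such as code importing the module directly.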