From a2b3dd8455da2f17849b55e6b6ddcce587e4a323 Mon Sep 17 00:00:00 2001
From: Cristy
Date: Mon, 16 Nov 2020 17:01:57 +0000
Subject: [PATCH] shell injection vulnerability via the -authenticate option
---
 coders/pdf.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/coders/pdf.c b/coders/pdf.c
index 5e4edc760..63eda5d81 100644
--- a/coders/pdf.c
+++ b/coders/pdf.c
@@ -588,11 +588,14 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
 if (option != (char *) NULL)
 {
 char
- passphrase[MaxTextExtent];
-
- (void) FormatLocaleString(passphrase,MaxTextExtent,
- "\"-sPDFPassword=%s\" ",option);
- (void) ConcatenateMagickString(options,passphrase,MaxTextExtent);
+ message[MagickPathExtent],
+ *passphrase;
+
+ passphrase=SanitizeString(option);
+ (void) FormatLocaleString(message,MagickPathExtent,
+ "\"-sPDFPassword=%s\" ",passphrase);
+ passphrase=DestroyString(passphrase);
+ (void) ConcatenateMagickString(options,message,MagickPathExtent);
 }
 read_info=CloneImageInfo(image_info);
 *read_info->magick='\0';
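Review bot: The fix rests entirely on `SanitizeString(option)`, whose definition is outside this hunk, so it should be confirmed that it neutralises every character that stays special inside the double-quoted `"\"-sPDFPassword=%s\" "` argument, not only those that matter outside quotes. The `FormatLocaleString` result is still cast to `(void)`, so a passphrase longer than `message` is presumably truncated before the closing quote and would leave an unbalanced quote in `options`. Keeping the return value and skipping the append on truncation would close that, e.g. `if (FormatLocaleString(message,MagickPathExtent,...) < (ssize_t) MagickPathExtent)` guarding the `ConcatenateMagickString` call. A comment above the sanitising line such as `/* option is user-supplied and ends up in the delegate command line */` would record why the step must not be removed. ReadPDFImage starts and ends outside the hunk, so the declared size of `options` against the new `MagickPathExtent` bound cannot be checked from here.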