From 869e38717fa91325da87c2a4cedc148a770a07ec Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 19 Nov 2020 18:39:30 +0000
Subject: [PATCH] fix shell injection vulnerability via the -authenticate
 option

---
 coders/pdf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/coders/pdf.c b/coders/pdf.c
index ef1567b29..d5ed56596 100644
--- a/coders/pdf.c
+++ b/coders/pdf.c
@@ -585,7 +585,8 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
   if (stop_on_error != MagickFalse)
     (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
   option=GetImageOption(image_info,"authenticate");
-  if ((option != (char *) NULL) && (strpbrk(option,"&;<>|\"") == (char *) NULL))
+  if ((option != (char *) NULL) &&
+      (strpbrk(option,"&;<>|\"'") == (char *) NULL))
     {
       char
         passphrase[MagickPathExtent];