Executing shell commands through mechanisms such as os.system() or
subprocess.run(shell=True) with user-controllable input is prone to
arbitrary shell command injection. In this particular case, a malicious
actor controlling any input name, either in PDF or image form, can
force ocrfeeder to execute shell commands embedded in the file name.
While a workaround for #20, mentioning problems opening files with
special characters, was introduced in 5286120c, this was not applied to
every subprocess invocation. Furthermore, it is good practice to make
use of the parameterization of arguments available in the subprocess
package instead of relying on character escaping alone, avoiding shell
invocation completely. This minimizes the attack surface.