Severity: Critical
CVSS Score: 9.8
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.