diff -ur gv-3.5.8.orig/source/file.c gv-3.5.8/source/file.c
--- gv-3.5.8.orig/source/file.c	1997-06-07 00:00:00.000000000 +0200
+++ gv-3.5.8/source/file.c	2002-09-26 23:56:00.000000000 +0200
@@ -285,6 +285,22 @@
 }
 
 /*############################################################*/
+/* file_nameIsDangerous */
+/*############################################################*/
+
+char *file_charsAllowedInName = "+,-./:=@\\^_";
+
+int
+file_nameIsDangerous(fn)
+  char *fn;
+{
+  for (; *fn; fn++)
+    if (!isalnum(*fn) && !strchr(file_charsAllowedInName, *fn))
+      return(1);
+  return(0);
+}
+
+/*############################################################*/
 /* file_pdfname2psname */
 /* If the file ends in .pdf, change this to .ps.*/
 /* Return pointer to temp copy if changed, else to input string. */
diff -ur gv-3.5.8.orig/source/file.h gv-3.5.8/source/file.h
--- gv-3.5.8.orig/source/file.h	1997-04-26 00:00:00.000000000 +0200
+++ gv-3.5.8/source/file.h	2002-09-26 23:28:38.000000000 +0200
@@ -70,6 +70,14 @@
 #endif
 );
 
+extern char *file_charsAllowedInName;
+
+extern int			file_nameIsDangerous (
+#if NeedFunctionPrototypes
+   char *
+#endif
+);
+
 extern char*			file_pdfname2psname (
 #if NeedFunctionPrototypes
    char *	/* name */
diff -ur gv-3.5.8.orig/source/ps.c gv-3.5.8/source/ps.c
--- gv-3.5.8.orig/source/ps.c	1997-06-07 00:00:00.000000000 +0200
+++ gv-3.5.8/source/ps.c	2002-09-27 00:29:35.000000000 +0200
@@ -420,6 +420,16 @@
       char cmd[512];
       char s[512];
       filename_unc=file_getTmpFilename(NULL,filename_raw);
+      if (file_nameIsDangerous(filename))
+	{
+	  INFMESSAGE(the filename is dangerous)
+	  sprintf(s, "The filename \"%s\" is dangerous: only alphanumeric "
+		  "characters and \"%s\" are allowed.\n",
+		  filename, file_charsAllowedInName);
+	  NotePopupShowMessage(s);
+	  ENDMESSAGE(psscan)
+	  return(NULL);
+	}
       sprintf(cmd,cmd_uncompress,filename,filename_unc);
       INFMESSAGE(is compressed)
       INFSMESSAGE(uncompress command,cmd)
@@ -491,6 +501,16 @@
       char cmd[512];
       char s[512];
       filename_dsc=file_getTmpFilename(NULL,filename_raw);
+      if (file_nameIsDangerous(filename))
+	{
+	  INFMESSAGE(the filename is dangerous)
+	  sprintf(s, "The filename \"%s\" is dangerous: only alphanumeric "
+		  "characters and \"%s\" are allowed.\n",
+		  filename, file_charsAllowedInName);
+	  NotePopupShowMessage(s);
+	  ENDMESSAGE(psscan)
+	  return(NULL);
+	}
       sprintf(cmd,cmd_scan_pdf,filename,filename_dsc);
       INFMESSAGE(is PDF)
       INFSMESSAGE(scan command,cmd)