Given that DangerZone can sanitise malicious PDFs—and even convert malicious, code‑embedded images into clean PDFs—but cannot produce a sanitized image file (e.g., a .png), are there any tools or alternatives that perform the same kind of aggressive, container‑isolated sanitisation yet output the resulting safe file directly as a regular .png instead of a PDF?
https://www.youtube.com/watch?v=yWgwm2IqMqU
PDFs account for 22% of malicious email attachments according to April 2025 Checkpoint data. Adobe Acrobat carries 91 documented vulnerabilities. Three days ago Matrix PDF toolkit hit cybercrime forums offering weaponized document generation that bypasses Gmail filters completely. Danger Zone converts hostile documents into safe PDFs through aggressive Docker isolation developed by Freedom of the Press Foundation. Edward Snowden and Laura Poitras sit on their board. The tool renders every page as raw RGB pixel data, destroying JavaScript exploits, embedded executables, tracking beacons, and macros before reconstructing clean compressed output. Optional OCR through PyMuPDF adds searchable text after sanitization completes.
Include Security ran a 12-day independent audit in December 2023 finding zero critical, high, or medium risk vulnerabilities. Processing happens in isolated containers with networking disabled and filesystems unmounted. Malicious code cannot reach your kernel, access files, or communicate with command and control infrastructure. QubesOS inspired the original First Look Media build. GPL v3 licensed, runs locally, costs nothing. Corporate IT blocks it because metadata destruction breaks their document surveillance. Government agencies lose tracking capability when embedded identifiers vanish. The feature that protects privacy threatens institutional control.