Created attachment 26662
The archive includes both the images described and the PDF generated.

Hello team,

When generating a password-protected PDF using the latest version of the tool on Windows 10, I noticed that the full command-line input, including the plaintext password, is embedded at the beginning of the generated PDF file. This allows anyone with access to the PDF to retrieve the password simply by running a command like "type" (Windows) or "cat" (Linux/macOS) on the file.

Steps to Reproduce:
1. Download and install the latest version of the tool from GitHub: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10050/gs10050w64.exe
2. On a Windows 10 machine I ran the following command in cmd to create a protected PDF file:
"gswin64.exe -dDisplayFormat=198788 -dDisplayResolution=96 -dCompatibilityLevel#1.4 -sUserPassword#123456789 -sOwnerPassword#123456789 -q -P- -dSAFER -dNOPAUSE -dBATCH -sDEVICE#pdfwrite -sOutputFile#C:\Users\Admin\Downloads\test.pdf" (Image1.png).
3. The test.pdf file was successfully created. Inspecting the file using "type test.pdf" revealed the full command used to generate the PDF, including the password (Image2.png).

Expected Behavior:
The PDF should not contain sensitive information such as the password used during encryption.

Actual Behavior:
The output PDF embeds the entire command-line invocation, including the plaintext password, at the beginning of the file.

Environment Details:
Tool Version: 10.05.0
Operating System: Windows 10 Pro Version 22H2 (OS Build 19045.5737)
Architecture: x64

This issue may qualify for a CVE, as it involves unintended disclosure of sensitive information (the password used for PDF encryption) within the resulting file. Please consider assigning a CVE ID.

Kind Regards,
Vasileios Flengas
<sigh> It's caused by using '#' instead of '=', which is defeating the parameter scanning. I'll look at it on Monday.
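The comment above points at the mechanism: the scrubber that hides password switches before the command line is written into the output only recognised the `=` separator, so `-sUserPassword#...` passed through verbatim. The following Python is an added illustration written for this page, not Ghostscript's own code. It models a minimal argument scrubber in both its `=`-only form (reproducing the defect) and a form that also accepts `#`, and it adds the check a practitioner would want afterwards: scanning the leading bytes of a PDF for a leaked `-sUserPassword` / `-sOwnerPassword` value. The sample PDF header is constructed here, and the `%%Invocation:` comment it uses to carry the command line is an assumption about the file layout, not something this page specifies.

```python
import re

# Switch names whose values must never reach the output file.
SENSITIVE_SWITCHES = ("UserPassword", "OwnerPassword")

# A -s/-d switch: name, separator, value. Ghostscript accepts '#' as well as
# '='; a scrubber that only knows '=' lets the '#' form through (the bug here).
_SWITCH_RE = re.compile(r"^(-[sd])([A-Za-z0-9_]+)([=#])(.*)$", re.DOTALL)


def redact_password_args(argv, separators="=#"):
    """Return argv with sensitive switch values replaced by REDACTED.

    separators="="  models the defective scrubber (only '=' recognised).
    separators="=#" models the corrected behaviour.
    """
    out = []
    for arg in argv:
        m = _SWITCH_RE.match(arg)
        if m and m.group(3) in separators and m.group(2) in SENSITIVE_SWITCHES:
            out.append(f"{m.group(1)}{m.group(2)}{m.group(3)}REDACTED")
        else:
            out.append(arg)
    return out


def build_header(argv):
    """Construct the leading bytes of a PDF that records its own invocation.

    Assumption for this example: the command line is written as a
    '%%Invocation:' comment directly after the version line.
    """
    return (b"%PDF-1.4\n%%Invocation: " + " ".join(argv).encode() + b"\n"
            b"1 0 obj\n<< /Type /Catalog >>\nendobj\n")


# Pattern for a leaked password switch with either separator. The value runs
# to the next whitespace or quote, which is how a shell-style command line
# would have been joined into the comment.
_LEAK_RE = re.compile(rb"-s(UserPassword|OwnerPassword)[=#]([^\s\"]+)")


def find_leaked_passwords(pdf_bytes, head=4096):
    """Scan the first `head` bytes of a PDF for password switches.

    Returns a list of (switch_name, value) pairs; REDACTED values are not
    reported, so a clean file yields [].
    """
    leaks = []
    for m in _LEAK_RE.finditer(pdf_bytes[:head]):
        name, value = m.group(1).decode(), m.group(2).decode()
        if value != "REDACTED":
            leaks.append((name, value))
    return leaks


# Constructed command line mirroring the report: '#' used in place of '='.
REPORTED_ARGV = [
    "gswin64.exe", "-dCompatibilityLevel#1.4",
    "-sUserPassword#123456789", "-sOwnerPassword#123456789",
    "-q", "-P-", "-dSAFER", "-dNOPAUSE", "-dBATCH",
    "-sDEVICE#pdfwrite", "-sOutputFile#test.pdf",
]

# What the defective scrubber would have written, versus the corrected one.
LEAKY_PDF_HEAD = build_header(redact_password_args(REPORTED_ARGV, separators="="))
CLEAN_PDF_HEAD = build_header(redact_password_args(REPORTED_ARGV))

if __name__ == "__main__":
    print("leaks with '='-only scrubber:", find_leaked_passwords(LEAKY_PDF_HEAD))
    print("leaks with '=#' scrubber:    ", find_leaked_passwords(CLEAN_PDF_HEAD))
```

Running the block prints the two password values for the `=`-only header and an empty list for the corrected one. Against a real file, `find_leaked_passwords(open(path, "rb").read())` is the quick triage step: it looks only at the leading region the report describes, so a large PDF is not read in full, and it treats both separators as equivalent, which is precisely what the defective scrubber failed to do.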
I've fixed this, but the commit isn't public. These days we keep security commits in a private repository until they are released because, being open source, as soon as we push them to our regular repository they are, in effect, public. Hence the 'in progress' status, it'll remain there until we do a release with the code included.
I've chatted with my colleague who normally raises CVEs and, given that MITRE have announced funding for the next year, we're going to go ahead and request a CVE. Our most recent request keeps being rebuffed so we'll just have to see what happens with another new one.
CVE-2025-48708