diff --git a/inc/lib/webm/ffmpeg.php b/inc/lib/webm/ffmpeg.php
index 7b635b5c..edd2c73a 100644
--- a/inc/lib/webm/ffmpeg.php
+++ b/inc/lib/webm/ffmpeg.php
@@ -49,6 +49,10 @@ function is_valid_webm($ffprobe_out) {
 function make_webm_thumbnail($filename, $thumbnail, $width, $height) {
   global $board, $config;
 
+  $filename = escapeshellarg($filename);
+  $thumbnail = escapeshellarg($thumbnail); // Should be safe by default but you
+                                           // can never be too safe.
+
   $ffmpeg = $config['webm']['ffmpeg_path'];
   $ffmpeg_out = array();