If a font is used with a user-supplied file name, it would enable the attacker to include a TTF or DFONT file (or a file which looks similar) from the local disk. Directory traversal with ../ is possible. Filename extension overwrite (like PHP) using \x00 is not. The AFM font files are whitelisted, TTF and DFONT are not.
Similarly, an image call with user-supplied file name enables local file inclusion like above.
In all cases the included file has to adhere to certain format restrictions.
See #384. The core problem comes from blindly trusting the user's input, not from a bug in Prawn. The ability to include arbitrary fonts or images from disk is a feature in Prawn, not a bug. If you want to allow an end user to specify images or fonts while whitelisting or blacklisting certain ones, you need to implement that sanitization in user code.
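One way to do that sanitization in user code, as an added example that is not part of the thread or of Prawn itself: the end user picks a font by key from a fixed allowlist rather than by path, with a second lexical check for callers that still pass a relative file name. The directory `/srv/app/fonts` and the font file names are assumed.

```ruby
require "pathname"

# Constructed allowlist: the only fonts an end user may select.
# Keys are exposed to users; values are files under FONT_ROOT (assumed dir).
FONT_ROOT = Pathname.new("/srv/app/fonts").freeze
ALLOWED_FONTS = {
  "body"    => "DejaVuSans.ttf",
  "heading" => "DejaVuSans-Bold.ttf",
}.freeze

# Preferred approach: map a user-supplied key to a path, or return nil.
# The user never supplies a path, so "../" and NUL bytes in the input
# cannot reach the filesystem at all.
def resolve_font(user_value)
  return nil unless user_value.is_a?(String)
  file = ALLOWED_FONTS[user_value]
  return nil if file.nil?
  (FONT_ROOT + file).to_s
end

# Fallback for code that still accepts a relative file name: reject NUL
# bytes, collapse ".." lexically, require the result to stay under root,
# and require a font extension. Lexical only: symlinks inside root would
# need a realpath check once the file is known to exist.
def safe_path_under(root, relative)
  return nil unless relative.is_a?(String)
  return nil if relative.include?("\0")
  root = Pathname.new(root).cleanpath
  candidate = (root + relative).cleanpath      # Pathname#+ resolves ".."
  return nil unless candidate.to_s.start_with?("#{root}/")
  return nil unless %w[.ttf .dfont .afm].include?(candidate.extname.downcase)
  candidate.to_s
end
```

Pass the returned path to Prawn's `font` or `image` call only when it is non-nil; a nil result means the request should be rejected, not defaulted.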