Index: wp-includes/formatting.php
===================================================================
--- wp-includes/formatting.php	(revision 45536)
+++ wp-includes/formatting.php	(working copy)
@@ -2011,6 +2011,7 @@
 	$filename      = str_replace( $special_chars, '', $filename );
 	$filename      = str_replace( array( '%20', '+' ), '-', $filename );
 	$filename      = preg_replace( '/[\r\n\t -]+/', '-', $filename );
+	$filename      = preg_replace( '/[\x00-\x1F]/', '', $filename );
 	$filename      = trim( $filename, '.-_' );
 
 	if ( false === strpos( $filename, '.' ) ) {