A number of temporary file bugs have been found in versions of NetPBM shipped with Red Hat Enterprise Linux 2.1 and 3. These could allow a local attacker the ability to overwrite or create files as a user running the netpbm utilities. Low risk as few programs use the netpbm utilities for image conversion.
Errata has been release, netpbm-9.24-12.1.1 and later fix the problem. Read ya, Phil