chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959
Let's try this again. chm2pdf in Fedora 14 is still vulnerable to this. A patch was provided in the Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959#20 I can't think of a reason not to use it.
Created chm2pdf tracking bugs for this issue Affects: fedora-all [bug 665494]
This flaw was corrected in Fedora 14: chm2pdf-0.9.1-9.fc14 (FEDORA-2011-0454) and Fedora 13: chm2pdf-0.9.1-8.fc13 (FEDORA-2011-0467)