Michael Scherer reported that the fedora-business-cards script used /tmp/fedora-business-cards-buffer.svg as a temporary file, which could be used in symlink attacks to overwrite the contents of a file with write permissions to the person running fedora-business-cards.
fedora-business-cards-1-0.1.beta1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.