tag.py in eyeD3 (aka python-eyed3) 0.7.5 and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.
lists.opensuse.org/opensuse-updates/2014-05/msg00027.html
lists.opensuse.org/opensuse-updates/2014-05/msg00028.html
bugs.debian.org/cgi-bin/bugreport.cgi?bug=737062
bugzilla.redhat.com/show_bug.cgi?id=1063671
github.com/nicfit/eyeD3
koji.fedoraproject.org/koji/buildinfo?buildID=594272
nvd.nist.gov/vuln/detail/CVE-2014-1934