Mandrake Linux Security Advisory : xpdf (MDKSA-2000:041-1)
There is a potential race condition when using tmpnam and fopen in xpdf versions prior to 0.91. This exploit can be only used as root to overwrite arbitrary files if a symlink is created between the calls to tmpname and fopen. There is also a problem with malicious URL-type links in PDF documents...