Arbitrary File Creation Via A Race Condition
didjvu allows malicious local users to create arbitrary files due to insecure use of /tmp. didjvu creates a unique temporary file directly in /tmp or in $TMPDIR and passes the name of this file to c44, which then uses it as the output filename. Unfortunately, c44 deletes the output file, an...
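
One way to avoid this class of race, shown as an added example (not didjvu's own code or its actual fix): hand the external tool an output path inside a directory created with `tempfile.mkdtemp()`, so that deleting and re-creating the file happens where no other local user can create names. `ENCODER_STUB` is a constructed stand-in for an encoder, assumed here to unlink its output path and then write it again; all function names are hypothetical.

```python
import os
import shutil
import stat
import subprocess
import sys
import tempfile
from contextlib import contextmanager

# Constructed stand-in for an external encoder (assumption): it unlinks its
# output path and then creates the file again by name.
ENCODER_STUB = (
    "import os, sys\n"
    "out = sys.argv[1]\n"
    "if os.path.lexists(out):\n"
    "    os.unlink(out)\n"
    "with open(out, 'wb') as f:\n"
    "    f.write(b'encoded')\n"
)

def parent_is_shared(path):
    """True if other users can create names next to `path` (e.g. in /tmp).

    The sticky bit does not help here: it stops others from removing our
    file, not from creating the same name once the tool has unlinked it.
    """
    mode = os.stat(os.path.dirname(path)).st_mode
    return bool(stat.S_IMODE(mode) & (stat.S_IWGRP | stat.S_IWOTH))

@contextmanager
def private_output_path(name="output.bin"):
    """Yield an output path inside a fresh directory that only we can use."""
    workdir = tempfile.mkdtemp(prefix="encode.")  # mkdtemp creates it 0700
    try:
        st = os.lstat(workdir)
        if st.st_uid != os.geteuid() or stat.S_IMODE(st.st_mode) & 0o077:
            raise RuntimeError("temporary directory is not private")
        yield os.path.join(workdir, name)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)

def encode_in_private_dir():
    """Run the stub encoder on a path no other local user can race for."""
    with private_output_path() as out:
        subprocess.run([sys.executable, "-c", ENCODER_STUB, out], check=True)
        with open(out, "rb") as f:
            return f.read()
```

`parent_is_shared()` can also serve as an audit check on any path that is about to be passed to a helper program as its output file.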