PT-2007-6873 · Feynmf · Feynmf
Kevin B. Mccarty · Published 2007-11-13 · Updated 2011-03-08 · CVE-2007-5940
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
feynmf version 1.08
Description
The issue allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file. This is related to the feynmf.pl script in feynmf, which is used in TeXLive 2007.
Recommendations
For feynmf version 1.08, consider restricting access to the feynmf.pl script until a patch is available. As a temporary workaround, avoid using the feynmf.pl script to minimize the risk of exploitation.
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Feynmf