Package: maxima
Version: 5.43.2-3
Severity: grave
Tags: security

Maxima uses /tmp in an insecure way. In particular, when creating plots, files are written to maxima_tempdir (which defaults to /tmp) with predictable names, and there is no check that the files do not exist. An attacker could use symlinks to redirect the writes to an arbitrary file.
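
The following is an added example, not part of the original report and not Maxima's code: it reproduces the pattern described above inside a private sandbox directory and contrasts it with exclusive creation and `mkstemp`. The file name `plot_output.tmp` and the directory layout are hypothetical and constructed for the demonstration.

```python
import os
import tempfile

NAME = "plot_output.tmp"  # hypothetical predictable name, not Maxima's real one

def naive_write(tmpdir, data):
    # Predictable name, no existence check: open() follows a planted symlink.
    with open(os.path.join(tmpdir, NAME), "w") as f:
        f.write(data)

def exclusive_write(tmpdir, data):
    # O_CREAT|O_EXCL fails with EEXIST if the name exists, even as a symlink.
    fd = os.open(os.path.join(tmpdir, NAME),
                 os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def mkstemp_write(tmpdir, data):
    # Unpredictable name, created exclusively with mode 0600.
    fd, path = tempfile.mkstemp(prefix="plot_", suffix=".tmp", dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path

def demo():
    # Everything happens inside a private, constructed sandbox directory.
    with tempfile.TemporaryDirectory() as sandbox:
        shared = os.path.join(sandbox, "shared_tmp")  # stands in for /tmp
        os.mkdir(shared)
        target = os.path.join(sandbox, "other_file")  # file the link points at
        with open(target, "w") as f:
            f.write("original")
        os.symlink(target, os.path.join(shared, NAME))
        naive_write(shared, "plot data")
        with open(target) as f:
            clobbered = f.read() == "plot data"
        try:
            exclusive_write(shared, "plot data")
            refused = False
        except FileExistsError:
            refused = True
        path = mkstemp_write(shared, "plot data")
        private = (os.stat(path).st_mode & 0o777) == 0o600
        return {"naive_clobbered": clobbered, "exclusive_refused": refused,
                "mkstemp_private": private and not os.path.islink(path)}

if __name__ == "__main__":
    print(demo())
```

A per-user temporary directory created with mode 0700 (for example via `tempfile.mkdtemp`) removes the shared-directory exposure altogether, which is the usual fix when many files must be written.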