Launchpad.net

CVE 2014-1858

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.

See the CVE page on Mitre.org for more details.