Launchpad.net

CVE 2014-1934

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.

See the CVE page on Mitre.org for more details.