Launchpad.net

CVE 2014-3422

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.

See the CVE page on Mitre.org for more details.