Flite 'play_wave_from_socket()' Insecure Temporary File Creation Vulnerability
Flite is prone to a vulnerability because it creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in obtaining sensitive information. Other attacks may also be possible.
Flite 1.4 is vulnerable; other versions may also be affected.