CVE-2009-5044
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
Date published : 2011-06-24
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html