The sort_offline function for texindex in texinfo 4.8 and previous versions allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Frank Lichtenheld discovered that the “texindex” program created
temporary files in an insecure manner This could allow a symlink
attack to create or overwrite arbitrary files with the privileges of
the user running texindex ...