Fawkes' flite plugin uses a hard-coded path to store flite's output at src/plugins/flite/synth_thread.cpp:109. This could be abused by an attacker to overwrite arbitrary files accessible by the executing user by pre-creating the file as a symlink to an arbitrary file, so I'd argue it's a security issue.
Fawkes' flite plugin uses a hard-coded path to store flite's output at src/plugins/flite/synth_thread.cpp:109. This could be abused by an attacker to overwrite arbitrary files accessible by the executing user by pre-creating the file as a symlink to an arbitrary file, so I'd argue it's a security issue.