filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file.