The exifautotran script included in media-libs/jpeg uses a hardcoded name 'tempfile' for temporary file operations.  This will also obviously fail if you don't have write privilages for the current directory.

The security aspect is a potential symlink vulnerability, as well as the issue of the script overwriting any other 'tempfile' you might have in the current directory.  It also makes running multiple instances of the script somewhat challenging.

Reproducible: Always

Steps to Reproduce:
1. Create a file in the local directory called 'tempfile'
2. Find a JPEG file where the exif data says the image requires rotation (http://old.aylett.co.uk/~axa/img_0183.jpg)
3. Run exifautotran on that jpeg file
4. Run exifautotran on a fresh instance of the jpeg file from a directory you have no write access to

Actual Results:  
The file created in step one is gone, step four fails

Expected Results:  
The file is left intact, both steps three and four result in a rotated jpeg file

Simple fix to use mktemp instead:

--- exifautotran~       2007-01-02 16:44:23.000000000 +0000
+++ exifautotran        2007-02-08 16:24:38.000000000 +0000
@@ -27,14 +27,15 @@
  8) transform="-rotate 270";;
  *) transform="";;
  esac
+ TMPFILE=`mktemp` || exit 1
  if test -n "$transform"; then
   echo Executing: jpegtran -copy all $transform $i >&2
-  jpegtran -copy all $transform "$i" > tempfile
+  jpegtran -copy all $transform "$i" > $TMPFILE
   if test $? -ne 0; then
    echo Error while transforming $i - skipped. >&2
+   rm $TMPFILE
   else
    rm "$i"
-   mv tempfile "$i"
+   mv $TMPFILE "$i"
    jpegexiforient -1 "$i" > /dev/null
   fi
  fi