chm2pdf exposes to local attacks because it create temporary files insecurely. CVE-2008-5298, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5298 chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time. CVE-2008-5299, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5299 chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.
These issues are already fixed thanks to /usr/portage/app-text/chm2pdf/files/tempdir.patch.