aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files.
https://exchange.xforce.ibmcloud.com/vulnerabilities/18698
http://www.securityfocus.com/bid/12128
http://shellcode.org/pipermail/debian-audit/2004-December/000078.html