Rejected reason: The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka time-of-check-time-of-use file race). NOTE: the researcher has retracted the original advisory, stating that the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable.