Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file.

imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.