comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.

Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service.