yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 31.7%