Yeemp contains a flaw that may allow a remote attacker to overwrite arbitrary files and potentially take advantage of additional attack vectors. The issue is due to the program not properly recognizing and displaying file transfer encryption status. With a carefully crafted transfer request, an attacker could overwrite arbitrary media fils for contacts on a user's list. Additionally, this may allow an attacker to gain additional attack vectors against the netpbm and ogg123 invocations.
Upgrade to version 0.9.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.