It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibly exploit this to exploit this to bypass the -dSAFER protection and delete files or disclose their content via a specially crafted PostScript document.
Please see <https://bugzilla.redhat.com/show_bug.cgi?id=1619748#c3>