psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
Please refer to the "Mitigation" section of CVE-2018-16509 : <https://access.redhat.com/security/cve/cve-2018-16509>