psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
Please refer to the "Mitigation" section of CVE-2018-16509 : <https://access.redhat.com/security/cve/cve-2018-16509>