It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER constraints.
Please refer to the "Mitigation" section of CVE-2018-16509 : <https://access.redhat.com/security/cve/cve-2018-16509>