In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
https://www.debian.org/security/2018/dsa-4288
https://www.artifex.com/news/ghostscript-security-resolved/
https://usn.ubuntu.com/3768-1/
https://security.gentoo.org/glsa/201811-12
https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html
https://bugs.ghostscript.com/show_bug.cgi?id=699658
https://access.redhat.com/errata/RHSA-2018:3650
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=a054156d425b4dbdaaa9fda4b5f1182b27598c2b