psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. https://nvd.nist.gov/vuln/detail/CVE-2018-19476