The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
Gentoo Linux Security Advisory 201811-12 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which could result in the execution of arbitrary code. Versions prior to 9.26 are affected.