Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
Exploitability
AV:LAC:LPR:NUI:RScope
S:CImpact
C:HI:HA:H8.6/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H