ghostscript prior to 6.53 allows malicious users to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.
aladdin enterprises ghostscript