Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c because a single character code in a PDF document can map to more than one Unicode code point