It was found that .distillerparamkeys and .setdistillerparams methods can be called although they are not intended to be used. However, the only security threat they cause has been fixed via CVE-2018-15910.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
|CVSS3 Base Score||2.5|
|CVSS3 Base Metrics||CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L|
Affected Packages State
|Red Hat Enterprise Linux 8||ghostscript||Not affected|
|Red Hat Enterprise Linux 7||ghostscript||Affected|
|Red Hat Enterprise Linux 6||ghostscript||Will not fix|
|Red Hat Enterprise Linux 5||ghostscript||Will not fix|
CVE description copyright © 2017, The MITRE Corporation