The .forceput (or .forcedef depending on the ghostscript version) is still accessible via DefineResource. An attacker could use this flaw to bypass -dSAFER restriction and, for example, have access to the file system outside of the designated restricted directories.
External References: https://bugs.ghostscript.com/show_bug.cgi?id=700576
Mitigation: Please refer to the "Mitigation" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509
The following upstream fixes resolve the issue : https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd95bb01 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e8f95a
Acknowledgments: Name: Cedric Buissart (Red Hat)
Created ghostscript tracking bugs for this issue: Affects: fedora-all [bug 1691326]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0633 https://access.redhat.com/errata/RHSA-2019:0633
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:0971 https://access.redhat.com/errata/RHSA-2019:0971