While creating an XBM image (imagexbm) with an user supplied name, libgd isn't checking the vsnprintf return value and PHP 5.5 will trust this length and read more memory than it should, causing a read-out-of boundaries, leaking stack memory. References: http://seclists.org/oss-sec/2016/q2/428 External references: https://github.com/libgd/libgd/issues/211 Upstream fix: https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4
Created gd tracking bugs for this issue: Affects: fedora-all [bug 1340857]
gd-2.1.1-6.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
gd-2.1.1-4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.