An out-of-bounds heap read vulnerability was found in the latest revision of libgd (a6a0e7f) when parsing a specially crafted TARGA file.
Upstream bug: https://github.com/libgd/libgd/issues/247
CVE assignment: http://seclists.org/oss-sec/2016/q2/636
Created gd tracking bugs for this issue: Affects: fedora-all [bug 1352548]
gd releases prior to 2.1 did not include .TGA format support and so are not affected by this flaw. This includes RHEL 5, 6, 7 and OpenShift packages. Note that the git repository's tag history is misleading in this respect - examine SRPMs to verify.
Confirmed packages embedding gd, including RHSCL variants, are not affected, for the same reason as rhel-*/gd.