A vulnerability was found in the GD Graphics Library before 2.2.0, as used in PHP before 5.6.12. The gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function. Upstream bugs: https://bugs.php.net/bug.php?id=70064 https://github.com/libgd/libgd/issues/173
Created php tracking bugs for this issue: Affects: fedora-all [bug 1338927]
Created gd tracking bugs for this issue: Affects: fedora-all [bug 1340428]
gd-2.2.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Limited memory leak, only affected PHP 5.5+. More of a bug than a security issue.
PHP fix: http://git.php.net/?p=php-src.git;a=commitdiff;h=1a4722a89ee85be74af5086a7027b3ad1e0a55e8 GD/libgd fix: https://github.com/libgd/libgd/commit/4751b606fa38edc456d627140898a7ec679fcc24
gd-2.1.1-6.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
gd-2.1.1-4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2016:2750 https://rhn.redhat.com/errata/RHSA-2016-2750.html