A signedness vulnerability was found in libgd 2.1.1 which may result into heap overflow when processing maliciously crafted .gd2 files.
Acknowledgments: Name: Hans Jerry Illikainen
=> https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
Created gd tracking bugs for this issue: Affects: fedora-all [bug 1329564]
Created php tracking bugs for this issue: Affects: fedora-all [bug 1329563]
Public via: http://seclists.org/oss-sec/2016/q2/128
gd-2.1.1-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
gd-2.1.1-7.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
gd-2.1.1-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2016:2750 https://rhn.redhat.com/errata/RHSA-2016-2750.html