The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.
Created libwmf tracking bugs for this issue:
Affects: fedora-all [bug 1418992]
There has been no movement on this issue for four months. Is this going to be worked on?
(In reply to Carl Song from comment #2)
> There has been no movement on this issue for four months. Is this going to
> be worked on?
Still working on this one, should have the affects by the end of this week.
The previous upstream patch described in comment #0 just adds whitespaces to the code. It seems like the actual patch is at: