The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image. Upstream patch: https://github.com/libgd/libgd/commit/1846f48e5fcdde996e7c27a4bbac5d0aef183e4b
Created libwmf tracking bugs for this issue: Affects: fedora-all [bug 1418992]
There has been no movement on this issue for four months. Is this going to be worked on?
(In reply to Carl Song from comment #2) > There has been no movement on this issue for four months. Is this going to > be worked on? Still working on this one, should have the affects by the end of this week.
The previous upstream patch described in comment #0 just adds whitespaces to the code. It seems like the actual patch is at: https://github.com/libgd/libgd/commit/c3cf674cb444696a36f720f785878b41225af063#diff-2ebe418bf93ac39773a117e4b38fe86a