When negative color values are passed to gdImageFillToBorder(), it can lead to infinite recursion, since the recursion termination condition will not necessarily be met. Upstream bug: https://bugs.php.net/bug.php?id=72696 PHP patch: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1 libgd patch: https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e CVE assignment: http://seclists.org/oss-sec/2016/q4/658
Created php tracking bugs for this issue: Affects: fedora-all [bug 1404737]
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Via RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296