libgd through version 2.2.5 is vulnerable to a double free in the src/gd_bump.c:gdImageBmpPtr() function when parsing a crafted JPEG. An attacker could exploit this to cause a crash or potentially execute arbitrary code. Upstream Issue: https://github.com/libgd/libgd/issues/447 Upstream Patch: https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
Created gd tracking bugs for this issue: Affects: fedora-all [bug 1621961] Created libwmf tracking bugs for this issue: Affects: fedora-all [bug 1621962] Created php tracking bugs for this issue: Affects: fedora-all [bug 1621966]
RHEL7 is using gd-2.0.35, which is a release before BMP support was merged in. RHEL7 and before not affected.
RHSCL packages not affected as well.