FEDORA-2017-2717b02630 created by remi 7 years ago for Fedora 24

Version 2.2.4 - 2017-01-18


  • gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)
  • double-free in gdImageWebPtr() (CVE-2016-6912)
  • potential unsigned underflow in gd_interpolation.c
  • DOS vulnerability in gdImageCreateFromGd2Ctx()


  • Fix #354: Signed Integer Overflow gd_io.c
  • Fix #340: System frozen
  • Fix OOB reads of the TGA decompression buffer
  • Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
  • Fix potential unsigned underflow
  • Fix double-free in gdImageWebPtr()
  • Fix invalid read in gdImageCreateFromTiffPtr()
  • Fix OOB reads of the TGA decompression buffer
  • Fix #68: gif: buffer underflow reported by AddressSanitizer
  • Avoid potentially dangerous signed to unsigned conversion
  • Fix #304: test suite failure in gif/bug00006 [2.2.3]
  • Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border
  • Fix #330: Integer overflow in gdImageScaleBilinearPalette()
  • Fix 321: Null pointer dereferences in gdImageRotateInterpolated
  • Fix whitespace and add missing comment block
  • Fix #319: gdImageRotateInterpolated can have wrong background color
  • Fix color quantization documentation
  • Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries
  • Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag
  • Fix #300: gdImageClone() assigns res_y = res_x
  • Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness()
  • Replace GNU old-style field designators with C89 compatible initializers
  • Fix #297: gdImageCrop() converts palette image to truecolor image
  • Fix #290: TGA RLE decoding is broken
  • Fix unnecessary non NULL checks
  • Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files
  • Fix #280: gdImageWebpEx() quantization parameter is a misnomer
  • Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx()
  • Fix issue #276: Sometimes pixels are missing when storing images as BMPs
  • Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts
  • Fix copy&paste error in gdImageScaleBicubicFixed()


  • More documentation
  • Documentation on GD and GD2 formats
  • More tests

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-2717b02630

This update has been submitted for testing by remi.

7 years ago
User Icon hreindl commented & provided feedback 7 years ago

works for me with php 7.0/7.1 (own php builds)

This update has been pushed to testing.

7 years ago
User Icon filiperosset commented & provided feedback 7 years ago

no regressions noted

This update has been submitted for stable by bodhi.

7 years ago
User Icon jonathancalloway commented & provided feedback 7 years ago

No errors in dmesg or boot log after reboot

This update has been pushed to stable.

7 years ago

Please login to add feedback.

Content Type
Test Gating
Unstable by Karma
Stable by Karma
Stable by Time
7 years ago
in testing
7 years ago
in stable
7 years ago

Automated Test Results