LibGD team is proud to announce the 2.2.4 release of libgd.
Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs:
- gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)
- double-free in gdImageWebPtr() (CVE-2016-6912)
- potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)
- DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
- Signed Integer Overflow gd_io.c (CVE-2016-10168)
For full list of changes, see CHANGELOG.md.
This is a recommended update.
You can download the 2.2.4 version of GD Graphics Library from the libgd project.
Check out the full commits list since the previous release.