LibGD team is proud to announce the 2.2.4 release of libgd.
Security related fixes:
This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs:
- gdImageCreate() doesn't check for oversized images and as such is
prone to DoS vulnerabilities. (CVE-2016-9317) - double-free in gdImageWebPtr() (CVE-2016-6912)
- potential unsigned underflow in gd_interpolation.c
- DOS vulnerability in gdImageCreateFromGd2Ctx()
- Signed Integer Overflow gd_io.c
For full list of changes, see CHANGELOG.md.
This is a recommended update.
Check out the full commits list since the previous release.