gd-2.2.3

@pierrejoye pierrejoye released this Jul 22, 2016 · 327 commits to master since this release

We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important
milestone in the GD 2.2 series.

Security related fixes:
This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs:

  • fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
  • bug #248, fix Out-Of-Bounds Read in read_image_tga
  • gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)

Using application provided parameters, in these cases invalid data causes the issues:

  • Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
  • fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
  • improve color check for CropThreshold

Important update

  • gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd.

Numerous other fixes have been applied. The scale and rotation functions have been greatly improved as well.

This is a recommended update.

On a sidenote, we have now a gitter channel if you have any questions or like to discuss with us, in addition to our "#libgd" freenode channel:
Chat

Issues fixed in this release:
https://github.com/libgd/libgd/issues?q=is%3Aissue+milestone%3AGD-2.2.3+is%3Aclosed

You can download the 2.2.3 version of GD Graphics Library from here or using tag:

https://github.com/libgd/libgd/releases/tag/gd-2.2.3

Full commits list since 2.2.2
gd-2.2.2...gd-2.2.3

Downloads