GD v2.2.3 Release Notes
Release Date: 2016-07-22 // almost 8 years ago-
๐ We welcome the 2.2.3 release around a month after 2.2.2 (we are getting consistent). Another important
milestone in the GD 2.2 series.๐ Security related fixes:
This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs:- ๐ fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
- bug #248, fix Out-Of-Bounds Read in read_image_tga
- ๐ gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)
Using application provided parameters, in these cases invalid data causes the issues:
- Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
- ๐ fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
- ๐ improve color check for CropThreshold
โก๏ธ Important update
- ๐ gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd.
๐ Numerous other fixes have been applied. The scale and rotation functions have been greatly improved as well.
โก๏ธ This is a recommended update.
On a sidenote, we have now a gitter channel if you have any questions or like to discuss with us, in addition to our "#libgd" freenode channel:
๐ Issues fixed in this release:
https://github.com/libgd/libgd/issues?q=is%3Aissue+milestone%3AGD-2.2.3+is%3AclosedYou can download the 2.2.3 version of GD Graphics Library from here or using tag:
๐ https://github.com/libgd/libgd/releases/tag/gd-2.2.3
Full commits list since 2.2.2
gd-2.2.2...gd-2.2.3