ReleaseNote020034

Release Notes 2.0.34

This is the first release after moving the GD project to its new home: http://www.libgd.org

This release introduces a number of bug and security fixes. Upgrading is strongly recommended.

The most notable fixes are:

32-bit multiplication overflow vulnerabilities along with a number of similar issues. These bugs come into play only when attempting to use images with extremely large dimensions.
Memory allocation errors that were not checked. This bug occurred when attempting to allocate an image larger than the available memory. The relevant function now fails gracefully.
Multiple issues in the GIF loader. Corrupt gif images would cause a segfault or infinite loop.
Malformed or empty PNG image also may have caused segfaults.
gdImageFillToBorder segfaulted when the color was not opaque (alpha > 0)
Antialiased lines drawn on an images edge caused a segfault. This bug occurred when a line started or ended near the bounds of the image.
gdImageFill segfaulted when used with patterns or invalid arguments.
gdImageFilledEllipse did not respect transparency.

See the NEWS file in the release archive or the issues tracker for a full list of changes.

I like to thanks the following people for their patches, contributions, and feedback (alphabetical order):

Daniel Cowgill, Phil Knirsch, John Ellson, Edin Kadribasic, Lars Hecking, Rob Leslie, Nuno Lopes, Ethan Merritt, Kevin Scaldeferri, Dr. Volker Zell.

A special thank goes to: