Errata overview
Errata ID 346
Date 2018-05-08
Source package libgd2
Fixed in version 2.1.0-5+deb8u11
This update addresses the following issues:
* The GIF decoding function gdImageCreateFromGifCtx does not zero colorMap
  arrays before use. A specially crafted GIF image could use the
  uninitialized tables to read ~700 bytes from the top of the stack,
  potentially disclosing sensitive information. (CVE-2017-7890)
* Double free vulnerability in the gdImagePngPtr function allows remote
  attackers to cause a denial of service via vectors related to a palette
  with no colors. (CVE-2017-6362)
Additional notes
CVE ID CVE-2017-7890
UCS Bug number #45349