Related: rhbz#1418992 backport CVE-2016-10167 to embedded libwmf gd

libwmf-0.2.8.4-CVE-2016-10167.patch

@@ -0,0 +1,30 @@
+--- libwmf-0.2.8.4/src/extra/gd/gd_gd2.c
++++ libwmf-0.2.8.4/src/extra/gd/gd_gd2.c
+@@ -362,10 +362,9 @@
+ 			{
+ 			  if (!gdGetInt (&im->tpixels[y][x], in))
+ 			    {
+-			      /*printf("EOF while reading\n"); */
+-			      /*gdImageDestroy(im); */
+-			      /*return 0; */
+-			      im->tpixels[y][x] = 0;
++                               fprintf(stderr, "gd2: EOF while reading\n");
++                               gdImageDestroy(im);
++                               return NULL;
+ 			    }
+ 			}
+ 		      else
+@@ -373,10 +372,9 @@
+ 			  int ch;
+ 			  if (!gdGetByte (&ch, in))
+ 			    {
+-			      /*printf("EOF while reading\n"); */
+-			      /*gdImageDestroy(im); */
+-			      /*return 0; */
+-			      ch = 0;
++                              fprintf(stderr, "gd2: EOF while reading\n");
++                              gdImageDestroy(im);
++                              return NULL;
+ 			    }
+ 			  im->pixels[y][x] = ch;
+ 			}

libwmf.spec

@@ -67,6 +67,8 @@ Patch20: libwmf-0.2.8.4-autoheader.patch
 Patch21: libwmf-0.2.8.4-CVE-2016-9011.patch
 # CVE-2016-9317
 Patch22: libwmf-0.2.8.4-CVE-2016-9317.patch
+# CVE-2016-10167
+Patch23: libwmf-0.2.8.4-CVE-2016-10167.patch
 
 Requires: urw-fonts
 Requires: %{name}-lite = %{version}-%{release}
@@ -122,6 +124,7 @@ using libwmf.
 %patch20 -p1 -b .autoheader
 %patch21 -p1 -b .CVE-2016-9011
 %patch22 -p1 -b .CVE-2016-9317
+%patch23 -p1 -b .CVE-2016-10167
 f=README ; iconv -f iso-8859-2 -t utf-8 $f > $f.utf8 ; mv $f.utf8 $f
 
 %build
@@ -184,7 +187,7 @@ sed -i $RPM_BUILD_ROOT%{_datadir}/libwmf/fonts/fontmap -e 's#libwmf/fonts#fonts/
 
 %changelog
 * Wed Feb 08 2017 Caolán McNamara <caolanm@redhat.com> - 0.2.8.4-50
-- CVE-2016-9317
+- CVE-2016-9317, CVE-2016-10167
 
 * Wed Oct 26 2016 Caolán McNamara <caolanm@redhat.com> - 0.2.8.4-49
 - Resolves: rhbz#1388451 (CVE-2016-9011) check max claimed record len