gd is vulnerable to information disclosure. The module gd_xbm.c
allows context-dependent attackers to obtain confidential information from process memory and potentially cause a denial of service via a stack-based buffer under-read and application crash) via a long name.