imagegammacorrect allows arbitrary write access

Upstream Bug --- 2016-08-02 03:46 UTC https://bugs.php.net/bug.php?id=72730 Summary -- imagegammacorrect accepts two gamma values, if they don't have the same sign then the palette colors will be assigned values bigger than 0xFF, later this values are used to calculate the transparent color using the gdTrueColorAlpha macro, and a negative value will be assigned to the transparent color. This negative value is used as an index and allows writing an arbitrary null, similar to bug #72512 Patch -- 2016-08-10 07:16 UTC http://git.php.net/?p=php-src.git;a=commit;h=4d76676101f8814520ea988e42b3bda54eb9e255 Fixed for PHP 5.6.25, PHP 7.0.10 -- http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php#7.0.10