Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
The MITRE description references "PHP 5.6 through 5.2.6"; however, a review of the PHP 5 changelog does not show a 5.6 release.
"Those issues are fixed by the recent php-4.4.9 release, but they affect
php-5.2.6 as well and the fixes are not part of any released version in
case of 5.2."