diff --git a/pkgs/development/libraries/gd/CVE-2016-3074.patch b/pkgs/development/libraries/gd/CVE-2016-3074.patch
new file mode 100644
index 000000000000..76994697729b
--- /dev/null
+++ b/pkgs/development/libraries/gd/CVE-2016-3074.patch
@@ -0,0 +1,13 @@
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index 6f28461..a50b33d 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -165,6 +165,8 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
+ 			if (gdGetInt (&cidx[i].size, in) != 1) {
+ 				goto fail2;
+ 			};
++			if (cidx[i].offset < 0 || cidx[i].size < 0)
++				goto fail2;
+ 		};
+ 		*chunkIdx = cidx;
+ 	};
diff --git a/pkgs/development/libraries/gd/default.nix b/pkgs/development/libraries/gd/default.nix
index c58bd11bc645..bf3b63db399b 100644
--- a/pkgs/development/libraries/gd/default.nix
+++ b/pkgs/development/libraries/gd/default.nix
@@ -12,12 +12,16 @@
 stdenv.mkDerivation rec {
   name = "gd-${version}";
   version = "2.1.1";
-  
+
   src = fetchurl {
     url = "https://github.com/libgd/libgd/releases/download/${name}/libgd-${version}.tar.xz";
     sha256 = "11djy9flzxczphigqgp7fbbblbq35gqwwhn9xfcckawlapa1xnls";
   };
 
+  patches = [
+    ./CVE-2016-3074.patch
+  ];
+
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [ zlib fontconfig freetype libjpeg libpng libtiff libXpm ];