diff --git a/SOURCES/php-5.4.16-CVE-2016-10167.patch b/SOURCES/php-5.4.16-CVE-2016-10167.patch
new file mode 100644
index 0000000..6df0a22
--- /dev/null
+++ b/SOURCES/php-5.4.16-CVE-2016-10167.patch
@@ -0,0 +1,47 @@
+Fix for CVE-2017-10168
+Backported for 5.4 without test and binary patch
+
+
+From f1b2afc9d9e77edf41804f5dfc4e2069d8a12975 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Tue, 16 Aug 2016 18:23:36 +0200
+Subject: [PATCH] Fix #73868: DOS vulnerability in gdImageCreateFromGd2Ctx()
+
+We must not pretend that there are image data if there are none. Instead
+we fail reading the image file gracefully.
+
+(cherry picked from commit cdb648dc4115ce0722f3cc75e6a65115fc0e56ab)
+---
+ ext/gd/libgd/gd_gd2.c      |   8 ++++++--
+ ext/gd/tests/bug73868.gd2  | Bin 0 -> 1050 bytes
+ ext/gd/tests/bug73868.phpt |  18 ++++++++++++++++++
+ 3 files changed, 24 insertions(+), 2 deletions(-)
+ create mode 100644 ext/gd/tests/bug73868.gd2
+ create mode 100644 ext/gd/tests/bug73868.phpt
+
+diff --git a/ext/gd/libgd/gd_gd2.c b/ext/gd/libgd/gd_gd2.c
+index d06f328..196b785 100644
+--- a/ext/gd/libgd/gd_gd2.c
++++ b/ext/gd/libgd/gd_gd2.c
+@@ -334,12 +334,16 @@ gdImagePtr gdImageCreateFromGd2Ctx (gdIOCtxPtr in)
+ 					for (x = xlo; x < xhi; x++) {
+ 						if (im->trueColor) {
+ 							if (!gdGetInt(&im->tpixels[y][x], in)) {
+-								im->tpixels[y][x] = 0;
++								php_gd_error("gd2: EOF while reading\n");
++								gdImageDestroy(im);
++								return NULL;
+ 							}
+ 						} else {
+ 							int ch;
+ 							if (!gdGetByte(&ch, in)) {
+-								ch = 0;
++								php_gd_error("gd2: EOF while reading\n");
++								gdImageDestroy(im);
++								return NULL;
+ 							}
+ 							im->pixels[y][x] = ch;
+ 						}
+-- 
+2.1.4
+
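Review bot: The first line of this patch file reads `Fix for CVE-2017-10168`, but the file is php-5.4.16-CVE-2016-10167.patch and the php.spec changelog assigns this gdImageCreateFromGd2Ctx() fix to CVE-2016-10167, so the header should read `Fix for CVE-2016-10167`. The same header line appears in php-5.4.16-CVE-2016-10168.patch, where the year is wrong and it should read `Fix for CVE-2016-10168`. Mislabelled headers make it harder to audit which advisories a build actually covers. Separately, both new `return NULL;` paths sit inside a loop whose enclosing function starts and ends outside the hunk, so it is worth confirming that nothing besides `im` is allocated by that point, since the early return would bypass any later cleanup.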
diff --git a/SOURCES/php-5.4.16-CVE-2016-10168.patch b/SOURCES/php-5.4.16-CVE-2016-10168.patch
new file mode 100644
index 0000000..6e5b08e
--- /dev/null
+++ b/SOURCES/php-5.4.16-CVE-2016-10168.patch
@@ -0,0 +1,45 @@
+Fix for CVE-2017-10168
+Backported for 5.4 without test and binary patch
+
+
+From d2274b01cbbadf5516b3ea87ad76fbae18834007 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Sat, 17 Dec 2016 17:06:58 +0100
+Subject: [PATCH] Fix #73869: Signed Integer Overflow gd_io.c
+
+GD2 stores the number of horizontal and vertical chunks as words (i.e. 2
+byte unsigned). These values are multiplied and assigned to an int when
+reading the image, what can cause integer overflows. We have to avoid
+that, and also make sure that either chunk count is actually greater
+than zero. If illegal chunk counts are detected, we bail out from
+reading the image.
+
+(cherry picked from commit 5b5d9db3988b829e0b121b74bb3947f01c2796a1)
+---
+ ext/gd/libgd/gd_gd2.c      |   4 ++++
+ ext/gd/tests/bug73869.phpt |  19 +++++++++++++++++++
+ ext/gd/tests/bug73869a.gd2 | Bin 0 -> 92 bytes
+ ext/gd/tests/bug73869b.gd2 | Bin 0 -> 18 bytes
+ 4 files changed, 23 insertions(+)
+ create mode 100644 ext/gd/tests/bug73869.phpt
+ create mode 100644 ext/gd/tests/bug73869a.gd2
+ create mode 100644 ext/gd/tests/bug73869b.gd2
+
+diff --git a/ext/gd/libgd/gd_gd2.c b/ext/gd/libgd/gd_gd2.c
+index 196b785..3eba6b3 100644
+--- a/ext/gd/libgd/gd_gd2.c
++++ b/ext/gd/libgd/gd_gd2.c
+@@ -136,6 +136,10 @@ static int _gd2GetHeader(gdIOCtxPtr in, int *sx, int *sy, int *cs, int *vers, in
+ 	GD2_DBG(php_gd_error("%d Chunks vertically", *ncy));
+ 
+ 	if (gd2_compressed(*fmt)) {
++		if (*ncx <= 0 || *ncy <= 0 || *ncx > INT_MAX / *ncy) {
++			GD2_DBG(printf ("Illegal chunk counts: %d * %d\n", *ncx, *ncy));
++			goto fail1;
++		}
+ 		nc = (*ncx) * (*ncy);
+ 		GD2_DBG(php_gd_error("Reading %d chunk index entries", nc));
+ 		if (overflow2(sizeof(t_chunk_info), nc)) {
+-- 
+2.1.4
+
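Review bot: The added debug line calls `printf` inside `GD2_DBG`, while the neighbouring debug lines in this hunk use `php_gd_error`; for consistency it could read `GD2_DBG(php_gd_error("Illegal chunk counts: %d * %d", *ncx, *ncy));`. The guard also relies on `INT_MAX` and the hunk shows no include change, so confirm that `<limits.h>` is already reachable in the 5.4.16 gd_gd2.c. The check sits inside the `gd2_compressed(*fmt)` branch, so chunk counts for uncompressed formats are not validated here. _gd2GetHeader continues outside the hunk, so whether they are checked elsewhere cannot be seen from this view.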
diff --git a/SPECS/php.spec b/SPECS/php.spec
index 7024bf6..78d0082 100644
--- a/SPECS/php.spec
+++ b/SPECS/php.spec
@@ -69,7 +69,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: 5.4.16
-Release: 42%{?dist}
+Release: 43%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -204,6 +204,8 @@ Patch156: php-5.4.16-CVE-2016-5766.patch
 Patch157: php-5.4.16-CVE-2016-5767.patch
 Patch158: php-5.4.16-CVE-2016-5768.patch
 Patch159: php-5.4.16-CVE-2016-5399.patch
+Patch160: php-5.4.16-CVE-2016-10167.patch
+Patch161: php-5.4.16-CVE-2016-10168.patch
 
 
 BuildRequires: bzip2-devel, curl-devel >= 7.9, gmp-devel
@@ -777,6 +779,8 @@ support for using the enchant library to PHP.
 %patch157 -p1 -b .cve5767
 %patch158 -p1 -b .cve5768
 %patch159 -p1 -b .cve5399
+%patch160 -p1 -b .cve10167
+%patch161 -p1 -b .cve10168
 
 
 # Prevent %%doc confusion over LICENSE files
@@ -1548,6 +1552,10 @@ fi
 
 
 %changelog
+* Wed Oct  4 2017 Remi Collet <rcollet@redhat.com> - 5.4.16-43
+- gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167
+- gd: Signed Integer Overflow gd_io.c CVE-2016-10168
+
 * Fri Aug  5 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-42
 - bz2: fix improper error handling in bzread() CVE-2016-5399