diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile
index 69e9da8e158..353afee7627 100644
--- a/graphics/gd/Makefile
+++ b/graphics/gd/Makefile
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.67 2016/06/30 13:27:42 jasper Exp $
+# $OpenBSD: Makefile,v 1.68 2016/07/06 08:46:01 jasper Exp $
 COMMENT= library for dynamic creation of images
 V= 2.1.1
-REVISION= 2
+REVISION= 3
 DISTNAME= libgd-$V
 PKGNAME= gd-$V
diff --git a/graphics/gd/patches/patch-src_gd_gif_out_c b/graphics/gd/patches/patch-src_gd_gif_out_c
new file mode 100644
index 00000000000..e97f07d7f00
--- /dev/null
+++ b/graphics/gd/patches/patch-src_gd_gif_out_c
@@ -0,0 +1,41 @@
+$OpenBSD: patch-src_gd_gif_out_c,v 1.1 2016/07/06 08:46:01 jasper Exp $
+
+CVE-2016-6161
+https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842
+
+--- src/gd_gif_out.c.orig Tue Jan 6 10:16:03 2015
++++ src/gd_gif_out.c Wed Jul 6 10:43:57 2016
+@@ -1442,15 +1442,23 @@ nomatch:
+ * code in turn. When the buffer fills up empty it and start over.
+ */
+
+-static unsigned long masks[] = {
++static const unsigned long masks[] = {
+ 0x0000, 0x0001, 0x0003, 0x0007, 0x000F,
+ 0x001F, 0x003F, 0x007F, 0x00FF,
+ 0x01FF, 0x03FF, 0x07FF, 0x0FFF,
+ 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF
+ };
+
++/* Arbitrary value to mark output is done. When we see EOFCode, then we don't
++ * expect to see any more data. If we do (e.g. corrupt image inputs), cur_bits
++ * might be negative, so flag it to return early.
++ */
++#define CUR_BITS_FINISHED -1000
++
+ static void output(code_int code, GifCtx *ctx)
+ {
++ if (ctx->cur_bits == CUR_BITS_FINISHED)
++ return;
+ ctx->cur_accum &= masks[ctx->cur_bits];
+
+ if(ctx->cur_bits > 0) {
+@@ -1492,6 +1500,8 @@ static void output(code_int code, GifCtx *ctx)
+ ctx->cur_accum >>= 8;
+ ctx->cur_bits -= 8;
+ }
++ /* Flag that it's done to prevent re-entry. */
++ ctx->cur_bits = CUR_BITS_FINISHED;
+
+ flush_char(ctx);
+ }
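Review bot: The early return added at the top of output() matches only the exact sentinel, so `ctx->cur_accum &= masks[ctx->cur_bits];` on the next line still indexes the 17-entry `masks` table with no range check. The fix therefore depends on every finishing path storing `CUR_BITS_FINISHED` and on the context being re-initialised before it is reused, neither of which is visible in the two inner hunks (output() continues outside them). A range guard such as `if (ctx->cur_bits < 0 || ctx->cur_bits > 16) return;` would cover the sentinel and any other out-of-range value in one test. The macro should also be parenthesised, `#define CUR_BITS_FINISHED (-1000)`, so it expands safely inside larger expressions. As this ports patch mirrors the upstream commit it cites, both points are probably best raised upstream.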