diff --git a/pkgs/applications/networking/p2p/mldonkey/default.nix b/pkgs/applications/networking/p2p/mldonkey/default.nix
index 9813393c4b502..f2c17199f2a68 100644
--- a/pkgs/applications/networking/p2p/mldonkey/default.nix
+++ b/pkgs/applications/networking/p2p/mldonkey/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, ocaml, zlib, bzip2, ncurses, file, gd, libpng }:
+{stdenv, fetchurl, ocaml, zlib, bzip2, ncurses, file, gd, libpng, libjpeg }:
 
 stdenv.mkDerivation (rec {
   name = "mldonkey-3.1.5";
@@ -14,7 +14,7 @@ stdenv.mkDerivation (rec {
     license = stdenv.lib.licenses.gpl2;
   };
 
-  buildInputs = [ ocaml zlib ncurses bzip2 file gd libpng ];
+  buildInputs = [ ocaml zlib ncurses bzip2 file gd libpng libjpeg ];
   configureFlags = [ "--disable-gui" ];
 } // (if !ocaml.nativeCompilers then
 {
diff --git a/pkgs/development/libraries/gd/CVE-2016-3074.patch b/pkgs/development/libraries/gd/CVE-2016-3074.patch
new file mode 100644
index 0000000000000..76994697729bf
--- /dev/null
+++ b/pkgs/development/libraries/gd/CVE-2016-3074.patch
@@ -0,0 +1,13 @@
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index 6f28461..a50b33d 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -165,6 +165,8 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
+ 			if (gdGetInt (&cidx[i].size, in) != 1) {
+ 				goto fail2;
+ 			};
++			if (cidx[i].offset < 0 || cidx[i].size < 0)
++				goto fail2;
+ 		};
+ 		*chunkIdx = cidx;
+ 	};
diff --git a/pkgs/development/libraries/gd/default.nix b/pkgs/development/libraries/gd/default.nix
index 7c3c53626b5d4..bf3b63db399bd 100644
--- a/pkgs/development/libraries/gd/default.nix
+++ b/pkgs/development/libraries/gd/default.nix
@@ -1,21 +1,34 @@
-{stdenv, fetchurl, zlib, libpng, freetype, libjpeg, fontconfig}:
+{ stdenv, fetchurl
+, pkgconfig
+, zlib
+, libjpeg
+, libpng
+, libtiff ? null
+, libXpm ? null
+, fontconfig
+, freetype
+}:
+
+stdenv.mkDerivation rec {
+  name = "gd-${version}";
+  version = "2.1.1";
 
-stdenv.mkDerivation {
-  name = "gd-2.0.35";
-  
   src = fetchurl {
-    url = http://www.libgd.org/releases/gd-2.0.35.tar.bz2;
-    sha256 = "1y80lcmb8qbzf0a28841zxhq9ndfapmh2fsrqfd9lalxfj8288mz";
+    url = "https://github.com/libgd/libgd/releases/download/${name}/libgd-${version}.tar.xz";
+    sha256 = "11djy9flzxczphigqgp7fbbblbq35gqwwhn9xfcckawlapa1xnls";
   };
-  
-  buildInputs = [zlib libpng freetype];
 
-  propagatedBuildInputs = [libjpeg fontconfig]; # urgh
+  patches = [
+    ./CVE-2016-3074.patch
+  ];
 
-  configureFlags = "--without-x";
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [ zlib fontconfig freetype libjpeg libpng libtiff libXpm ];
 
-  meta = {
-    homepage = http://www.libgd.org/;
-    description = "An open source code library for the dynamic creation of images by programmers";
+  meta = with stdenv.lib; {
+    homepage = https://libgd.github.io/;
+    description = "A dynamic image creation library";
+    license = licenses.free; # some custom license
+    platforms = platforms.unix;
   };
 }
diff --git a/pkgs/tools/graphics/mscgen/default.nix b/pkgs/tools/graphics/mscgen/default.nix
index 36a75743ed8a5..48d50859d2d38 100644
--- a/pkgs/tools/graphics/mscgen/default.nix
+++ b/pkgs/tools/graphics/mscgen/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, flex, bison, gd, libpng, freetype, zlib }:
+{ stdenv, fetchurl, flex, bison, gd, libpng, libjpeg, freetype, zlib }:
 
 let
   version = "0.20";
@@ -11,7 +11,7 @@ stdenv.mkDerivation {
     sha256 = "3c3481ae0599e1c2d30b7ed54ab45249127533ab2f20e768a0ae58d8551ddc23";
   };
 
-  buildInputs = [ flex bison gd libpng freetype zlib ];
+  buildInputs = [ flex bison gd libjpeg libpng freetype zlib ];
 
   doCheck = true;
   preCheck = ''
diff --git a/pkgs/tools/graphics/pstoedit/default.nix b/pkgs/tools/graphics/pstoedit/default.nix
index d4e977128cfee..624f5321c2a69 100644
--- a/pkgs/tools/graphics/pstoedit/default.nix
+++ b/pkgs/tools/graphics/pstoedit/default.nix
@@ -1,17 +1,17 @@
-{ stdenv, fetchurl, pkgconfig, ghostscript, gd, zlib, plotutils }:
+{ stdenv, fetchurl, pkgconfig, ghostscript, gd, libjpeg, zlib, plotutils }:
 
-stdenv.mkDerivation {
+stdenv.mkDerivation rec {
   name = "pstoedit-3.62";
 
   src = fetchurl {
-    url = mirror://sourceforge/pstoedit/pstoedit-3.62.tar.gz;
+    url = "mirror://sourceforge/pstoedit/${name}.tar.gz";
     sha256 = "0j410dm9nqwa7n03yiyz0jwvln0jlqc3n9iv4nls33yl6x3c8x40";
   };
 
-  buildInputs = [ pkgconfig ghostscript gd zlib plotutils ];
+  buildInputs = [ pkgconfig ghostscript gd libjpeg zlib plotutils ];
 
   meta = { 
-    description = "translates PostScript and PDF graphics into other vector formats";
+    description = "Translates PostScript and PDF graphics into other vector formats";
     homepage = http://www.helga-glunz.homepage.t-online.de/pstoedit;
     license = stdenv.lib.licenses.gpl2;
     maintainers = [ stdenv.lib.maintainers.marcweber ];
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 690dab41d4135..7908a6381f911 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -6963,7 +6963,10 @@ in
 
   gettext = callPackage ../development/libraries/gettext { };
 
-  gd = callPackage ../development/libraries/gd { };
+  gd = callPackage ../development/libraries/gd {
+    libtiff = null;
+    libXpm = null;
+  };
 
   gdal = callPackage ../development/libraries/gdal { };