giflib appears to have a terrible security profile: * bug 785664 * bug 851945 * bug 918539 In the latest upstream release, they indicated that they aren't interested in any sort of bug reports on invalid input. Please consider, if appropriate, either dropping USE=gif support, package.use.masking it, or perhaps disabling it by default via package.use (given the desktop profiles enable USE=gif by default). If this package is expected to only interact with trusted gifs or you feel it's critical to the functionality of this package, feel free to close as WONTFIX. Thanks.
Apparently the feature is considered important enough to enable it in profiles by default. So, dropping it is probably a bad idea.