CVE-2020-21428: 
Homebrew vulnerability analysis and mitigation

A buffer overflow vulnerability was discovered in FreeImage version 3.18.0, specifically in the LoadRGB function within PluginDDS.cpp. The vulnerability was assigned CVE-2020-21428 and allows remote attackers to execute arbitrary code and cause other impacts through a crafted image file (NVD, Debian Security).

The vulnerability is classified as a heap-buffer-overflow occurring in the LoadRGB function of PluginDDS.cpp. It has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue is categorized under CWE-120 (Buffer Copy without Checking Size of Input) (NVD, FreeImage Bug).

When exploited, this vulnerability can lead to arbitrary code execution, denial of service, and other potential impacts through the processing of specially crafted image files. The high CVSS score indicates severe potential consequences affecting confidentiality, integrity, and availability of the system (NVD).

The vulnerability has been fixed in various distributions including Debian (versions 3.18.0+ds2-6+deb11u1 for bullseye and 3.18.0+ds2-9+deb12u1 for bookworm), Ubuntu (multiple version updates across different releases), and Fedora. Users are recommended to upgrade their FreeImage packages to the latest available version (Debian Security, Ubuntu Security).