CVE-2020-24294: 
Homebrew vulnerability analysis and mitigation

CVE-2020-24294 is a buffer overflow vulnerability discovered in the psdParser::UnpackRLE function within PSDParser.cpp of FreeImage version 3.19.0 [r1859]. The vulnerability was identified and disclosed in August 2020, affecting the FreeImage image processing library (NVD, CVE).

The vulnerability stems from an integer overflow condition in line 1328 of the psdParser::UnpackRLE function in PSDParser.cpp. The issue occurs when 'srcSize', which is an unsigned integer, becomes negative after a subtraction operation (srcSize-=len). Despite being negative, it is still treated as a positive number in memory (0xffffff94), leading to an out-of-bounds read in rle_line. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (SourceForge Discussion).

When exploited, this vulnerability can lead to a denial of service condition through the opening of a crafted PSD file. The integer overflow can result in out-of-bounds read operations, potentially affecting system stability and security (NVD).

As of the current data, while the vulnerability has been identified and documented, there is no specific patch information available. Users are advised to exercise caution when processing PSD files from untrusted sources (Debian Security Tracker).