CVE-2020-24295: 
Homebrew vulnerability analysis and mitigation

A Buffer Overflow vulnerability was discovered in FreeImage version 3.19.0 [r1859], specifically in the PSDParser.cpp::ReadImageLine() function. This vulnerability allows remote attackers to execute arbitrary code through the use of a crafted PSD file. The vulnerability was assigned CVE-2020-24295 and was publicly disclosed on August 22, 2023 (NVD).

The vulnerability exists in the ReadImageLine() function within PSDParser.cpp of FreeImage 3.19.0. When the program reads a PSD file, the memcpy function is executed without properly considering the lineSize parameter, which is determined by the controllable nWidth value. This can lead to a heap buffer overflow condition. The vulnerability has received a CVSS v3.1 base score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD, SourceForge Discussion).

The vulnerability can lead to heap buffer overflow when exploited, potentially allowing attackers to execute arbitrary code on the affected system. The impact is considered high as it affects all three main security properties - confidentiality, integrity, and availability - with a High rating for each (NVD).

Fedora has released security updates to address this vulnerability in their packages. Users can update using the dnf package manager with specific advisory commands. For Fedora 38, the fix is included in version 3.19.0-0.20.svn1909.fc38, and for Fedora 39, in version 3.19.0-0.17.svn1909.fc39 (Fedora Update).