CVE-2023-47995: 
Homebrew vulnerability analysis and mitigation

CVE-2023-47995 is a memory allocation vulnerability discovered in the FreeImage_AllocateBitmap function within BitmapAccess.cpp of FreeImage 3.18.0. The vulnerability was disclosed in January 2024 and affects the core functionality of the FreeImage library, which is used for handling various image formats (NVD).

The vulnerability stems from improper validation of image dimensions in the FreeImage_AllocateBitmap function. When processing images, the function calculates memory allocation size based on user-controllable width and height parameters without proper bounds checking. This can lead to excessive memory allocation requests when specially crafted image dimensions are provided. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD, GitHub POC).

When exploited, this vulnerability allows attackers to cause a denial of service condition by consuming excessive system memory. The impact is primarily on system availability, as the vulnerable function can be manipulated to request large amounts of memory that could exhaust system resources (NVD).

Fedora has released security updates to address this vulnerability in versions 38, 39, and 40 of the freeimage package. Users can apply these updates using the dnf package manager with specific advisory commands. The fixes include downstream patches specifically targeting CVE-2023-47995 (Fedora Update).