CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.

_**Describe the bug**_  
There is a reachable assert bug found in stbi\_\_create\_png\_image\_raw, can be triggered via img2sixel+ ASan

_**To Reproduce**_  
compile the program with CFLAGS="-fsanitize=address" CC=clang  
then run `./img2sixel $POC`  
output:

    img2sixel: ./stb_image.h:4374: int stbi__create_png_image_raw(stbi__png *, stbi_uc *, stbi__uint32, int, stbi__uint32, stbi__uint32, int, int): Assertion `img_width_bytes <= x' failed.
    Aborted
    

_**system**_  
ubuntu 16.04,  
clang 12.0.1  
libsixel latest commit 6a5be8b

_**Acknowledgement**_  
NCNIPC of China

_**POC**_  
poc.zip

Headline

CVE-2022-27938: [BUG] a reachable assert in stbi__create_png_image_raw · Issue #163 · saitoha/libsixel

CVE: Latest News