Htslib · Htslib · CVE-2026-31971
**Name of the Vulnerable Software and Affected Versions**
HTSlib versions prior to 1.23.1
HTSlib version 1.22.2
HTSlib version 1.21.1
**Description**
HTSlib is a library used for handling bioinformatics file formats. A flaw exists in the `cram_byte_array_len_decode()` function when processing data encoded with the `BYTE_ARRAY_LEN` method. This function does not properly validate the size of the unpacked data against the allocated output buffer, potentially leading to a heap or stack overflow. Exploitation of this issue, through a crafted file, could result in program crashes, data corruption, or potentially arbitrary code execution.
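As an added illustration, not HTSlib's code, the following minimal C decoder models a BYTE_ARRAY_LEN-style value (a decoded length followed by that many bytes) and shows where the bounds check the advisory describes as missing belongs. The varint length sub-codec, the `stream_t` type and the `byte_array_len_decode` name are this example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed input stream holding one BYTE_ARRAY_LEN-style encoded value. */
typedef struct {
    const uint8_t *data;
    size_t len;   /* bytes available */
    size_t pos;   /* read cursor */
} stream_t;

/* Hypothetical length sub-codec: little-endian base-128 varint, max 4 bytes.
 * CRAM's real length codecs differ; this only models "decode a length". */
static int decode_len(stream_t *in, size_t *out_len)
{
    uint32_t v = 0;
    unsigned shift = 0;
    while (in->pos < in->len) {
        uint8_t b = in->data[in->pos++];
        if (shift > 21) return -1;               /* too many continuation bytes */
        v |= (uint32_t)(b & 0x7f) << shift;
        if (!(b & 0x80)) { *out_len = v; return 0; }
        shift += 7;
    }
    return -1;                                   /* truncated length */
}

/* Decode the length, then that many raw bytes into `out`. On entry *out_size
 * is the capacity of `out`; on success it becomes the number of bytes written.
 * Returns 0 on success, -1 if the input is rejected. */
int byte_array_len_decode(stream_t *in, uint8_t *out, size_t *out_size)
{
    size_t n;
    if (decode_len(in, &n) < 0) return -1;
    /* The check the advisory describes as missing: the unpacked length must
     * fit the caller's buffer before a single byte is written. */
    if (n > *out_size) return -1;
    /* The input must also really hold n bytes, so a short file cannot
     * cause an over-read of the input buffer. */
    if (n > in->len - in->pos) return -1;
    memcpy(out, in->data + in->pos, n);
    in->pos += n;
    *out_size = n;
    return 0;
}
```

A decoder without the `n > *out_size` check would write past `out` for any input whose declared length exceeds the caller's allocation, which is the overflow class the advisory names.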
**Recommendations**
Update HTSlib to version 1.23.1 or later.