PT-2026-26136 · Htslib · Htslib

Daviesrob · Published 2026-01-01 · Updated 2026-06-05 · CVE-2026-31962
CVSS v4.0: 8.8 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: HTSlib versions prior to 1.23.1
Description: HTSlib is a library used for reading and writing bioinformatics file formats. A heap buffer overflow exists in the cram_decode_seq() function when decoding CRAM files. The function incorrectly handles records that omit DNA sequence and quality values, leading to reads and writes beyond the bounds of a heap allocation. Exploitation of this issue through a crafted CRAM file could lead to program crashes, data corruption, or potentially arbitrary code execution.
Recommendations: Update to HTSlib version 1.23.1 or later.

Exploit

Fix

Weakness Enumeration

Improper Validation of Array Index
Out-of-bounds Read
Memory Corruption
Heap-based Buffer Overflow

Related identifiers

CVE-2026-31962
GHSA-XXMP-V7H3-GPWP
OESA-2026-2547

Affected products

Htslib