PT-2026-26147 · Htslib · Htslib

Jkbonfield · Published 2026-01-01 · Updated 2026-03-18 · CVE-2026-31971

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

HTSlib versions prior to 1.23.1
HTSlib version 1.22.2
HTSlib version 1.21.1

Description

HTSlib is a library used for handling bioinformatics file formats. A flaw exists in the cram_byte_array_len_decode() function when processing data encoded with the BYTE_ARRAY_LEN method. This function does not properly validate the size of the unpacked data against the allocated output buffer, potentially leading to a heap or stack overflow. Exploitation of this issue, through a crafted file, could result in program crashes, data corruption, or potentially arbitrary code execution.

Recommendations

Update HTSlib to version 1.23.1 or later.

Exploit

Fix

Heap Based Buffer Overflow

Stack Overflow

Memory Corruption


Weakness Enumeration

Related identifiers

CVE-2026-31971
GHSA-JVX4-4WQ7-6FMH

Affected products

Htslib