Htslib · Htslib · CVE-2026-31970
**Name of the Vulnerable Software and Affected Versions**
HTSlib versions prior to 1.23.1
HTSlib version 1.22.2
HTSlib version 1.21.1
**Description**
HTSlib is a C library used for reading and writing high-throughput sequencing data formats (SAM/BAM/CRAM, VCF/BCF) and their indexes. A heap buffer overflow can occur in the BGZF index (`.gzi`) file reader due to an integer overflow in the `bgzf_index_load_hfile()` function: the entry count read from the index file is used to compute an allocation size without an adequate overflow check, so a crafted count wraps the multiplication and yields an undersized buffer. Subsequent writes of the index entries into that buffer can cause a crash or overwrite adjacent heap structures. Exploitation may lead to arbitrary code execution if a user opens a specially crafted `.gzi` index file.
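The following is an added example, not HTSlib's own code, illustrating the bug class described above on the `.gzi` layout (a little-endian 64-bit entry count followed by pairs of little-endian 64-bit compressed/uncompressed offsets). `naive_alloc_bytes()` shows how an unchecked count wraps the allocation size; `gzi_load()` is a hardened loader that bounds the count against the bytes actually present before any multiplication. The function names, error codes and the sample index images are hypothetical constructions for this example; the `main()` additionally lets you run the same check against a real `.gzi` file on disk.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GZI_ENTRY_BYTES 16   /* two little-endian uint64 values per entry */

typedef struct {
    uint64_t caddr;          /* offset of a BGZF block in the compressed file */
    uint64_t uaddr;          /* corresponding offset in the uncompressed stream */
} gzi_entry;

typedef struct {
    uint64_t n;
    gzi_entry *entries;
} gzi_index;

static uint64_t read_le64(const unsigned char *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

static void put_le64(unsigned char *p, uint64_t v) {
    for (int i = 0; i < 8; i++) p[i] = (unsigned char)(v >> (8 * i));
}

/* The bug class (hypothetical illustration, not htslib's code): the entry
 * count comes straight from the file and is multiplied into an allocation
 * size with no overflow or plausibility check. For n = 2^60 the product
 * wraps to 0, so the allocation is tiny while the loader still writes
 * n entries. */
uint64_t naive_alloc_bytes(uint64_t n_from_file) {
    return n_from_file * GZI_ENTRY_BYTES;
}

/* Hardened loader. Returns 0 on success, -1 on a truncated header,
 * -2 when the count cannot be backed by the bytes present, -3 on
 * allocation failure. The count is bounded before any multiplication. */
int gzi_load(const unsigned char *buf, size_t len, gzi_index *out) {
    if (len < 8) return -1;
    uint64_t n = read_le64(buf);
    size_t payload = len - 8;
    /* A count above payload/16 has no data behind it; rejecting it here
     * also guarantees n * 16 cannot exceed len, so it never wraps. */
    if (n > payload / GZI_ENTRY_BYTES) return -2;
    /* Redundant after the check above; kept to state the invariant. */
    if (n > SIZE_MAX / sizeof(gzi_entry)) return -2;
    gzi_entry *e = n ? malloc((size_t)n * sizeof(gzi_entry)) : NULL;
    if (n && !e) return -3;
    const unsigned char *p = buf + 8;
    for (uint64_t i = 0; i < n; i++, p += GZI_ENTRY_BYTES) {
        e[i].caddr = read_le64(p);
        e[i].uaddr = read_le64(p + 8);
    }
    out->n = n;
    out->entries = e;
    return 0;
}

void gzi_free(gzi_index *idx) {
    free(idx->entries);
    idx->entries = NULL;
    idx->n = 0;
}

/* Constructed sample: a well-formed index with two entries. Returns bytes written. */
size_t build_good_image(unsigned char buf[40]) {
    put_le64(buf, 2);
    put_le64(buf + 8, 0);      put_le64(buf + 16, 0);
    put_le64(buf + 24, 12345); put_le64(buf + 32, 65280);
    return 40;
}

/* Constructed sample: claims 2^60 entries but carries only one. */
size_t build_bad_image(unsigned char buf[24]) {
    put_le64(buf, (uint64_t)1 << 60);
    memset(buf + 8, 0, 16);
    return 24;
}

int main(int argc, char **argv) {
    gzi_index idx;
    if (argc > 1) {                      /* check a real .gzi file on disk */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        fseek(f, 0, SEEK_END); long sz = ftell(f); rewind(f);
        unsigned char *buf = malloc(sz > 0 ? (size_t)sz : 1);
        if (!buf || fread(buf, 1, (size_t)sz, f) != (size_t)sz) return 1;
        int rc = gzi_load(buf, (size_t)sz, &idx);
        printf("%s: rc=%d entries=%llu\n", argv[1], rc,
               rc == 0 ? (unsigned long long)idx.n : 0ULL);
        if (rc == 0) gzi_free(&idx);
        free(buf); fclose(f);
        return rc == 0 ? 0 : 2;
    }
    unsigned char good[40], bad[24];
    printf("naive alloc for 2^60 entries: %llu bytes\n",
           (unsigned long long)naive_alloc_bytes((uint64_t)1 << 60));
    printf("good image: rc=%d\n", gzi_load(good, build_good_image(good), &idx));
    gzi_free(&idx);
    printf("bad image:  rc=%d\n", gzi_load(bad, build_bad_image(bad), &idx));
    return 0;
}
```

Run without arguments to see the constructed cases, or pass a `.gzi` path to check that its declared entry count is consistent with its size before letting older tooling load it.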
**Recommendations**
Versions prior to 1.23.1: Update to version 1.23.1 or later.
Version 1.22.2: Update to version 1.23.1 or later.
Version 1.21.1: Update to version 1.23.1 or later.
Discard any `.gzi` index files from untrusted sources; an index is only a cache of block offsets and can be regenerated from the BGZF-compressed file itself.
Recreate index files locally with `bgzip -r` (`--reindex`) on the compressed file.