PT-2026-26136 · Htslib · Htslib
Daviesrob · Published 2026-01-01 · Updated 2026-03-28 · CVE-2026-31962
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
HTSlib versions prior to 1.23.1
Description
HTSlib is a library for reading and writing bioinformatics file formats. A heap buffer overflow exists in the cram_decode_seq() function when decoding CRAM files. The function mishandles records that omit the DNA sequence and quality values, so decoding such a record reads from and writes to memory beyond the bounds of a heap allocation. Exploitation of this issue through a crafted CRAM file could lead to program crashes, data corruption, or potentially arbitrary code execution.
Recommendations
Update to HTSlib version 1.23.1 or later.
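The only fix is the version bump, so the practical question for a defender is whether a host's HTSlib is already at 1.23.1 or later. The script below is an added example, not part of this advisory or of the HTSlib project: it compares a dotted version string component by component against the first fixed release. The assumed way of obtaining the installed version (the last field of the first line of `htsfile --version`, with any packaging suffix such as `-2` stripped) is a labelled assumption; the comparison itself works on any dotted version string you pass in.

```shell
#!/bin/sh
# Added example (not from the advisory): gate on the first fixed HTSlib release.
FIXED_VERSION="1.23.1"

# version_ge A B: true (exit 0) when dotted version A is >= B.
# Components are compared numerically; missing components count as 0,
# so "1.23" < "1.23.1" and "1.24" > "1.23.1".
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# htslib_fixed VERSION: true when VERSION already carries the fix.
# A distro suffix after the numeric part ("1.23.1-2") is stripped first.
htslib_fixed() {
    v="${1%%[^0-9.]*}"
    version_ge "$v" "$FIXED_VERSION"
}

# installed_htslib_version: ASSUMPTION about the output format of
# `htsfile --version` (first line ends in the version number). Prints
# nothing when the tool is not on PATH.
installed_htslib_version() {
    command -v htsfile >/dev/null 2>&1 || return 1
    htsfile --version 2>/dev/null | head -n1 | awk '{print $NF}'
}

# Stand-alone run: report the installed version's status, if htsfile exists.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    ver="$(installed_htslib_version)" || ver=""
    if [ -n "$ver" ]; then
        if htslib_fixed "$ver"; then
            echo "HTSlib $ver: fixed (>= $FIXED_VERSION)"
        else
            echo "HTSlib $ver: VULNERABLE, update to $FIXED_VERSION or later"
        fi
    fi
fi
```

Package managers often backport fixes without bumping the upstream version, so treat a "vulnerable" verdict from this check as a prompt to confirm against your distribution's changelog rather than as a final answer.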
Exploit
Fix
Improper Validation of Array Index
Out-of-bounds Read
Memory Corruption
Heap-based Buffer Overflow
Related Identifiers
Affected Products
Htslib