PT-2026-26137 · Htslib · Htslib

Author: Daviesrob

Published: 2026-01-01 · Updated: 2026-03-18

CVE: CVE-2026-31963

CVSS v4.0: 8.8 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
- HTSlib versions prior to 1.23.1
- HTSlib version 1.22.2
- HTSlib version 1.21.1
Description
HTSlib is a library for reading and writing bioinformatics file formats (SAM, BAM, CRAM, VCF and BCF). Its CRAM decoder contains a heap buffer overflow caused by insufficient validation of input data. Specifically, an off-by-one error in the check that rejects CRAM features (per-position edits to a read) lying beyond the extent of the record's sequence allows a feature positioned exactly one past the end to pass, producing an invalid write of one attacker-controlled byte beyond the end of a heap buffer. A crafted CRAM file can therefore crash the program or overwrite adjacent data and heap structures, potentially resulting in arbitrary code execution.
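To make the off-by-one concrete, the following is an added, hypothetical C model of the bug class (illustrative code written for this page, not HTSlib's CRAM decoder): a record sequence in a heap buffer, a list of attacker-controlled features applied by position, and the bounds test that guards the write. The buggy test uses `<=` where `<` is needed, so a feature whose position equals the sequence length passes and writes one byte past the allocation. The example allocates one slack byte holding a canary so the overflow can be observed without undefined behaviour. All type and function names, the 0-based positions (CRAM itself is 1-based), and the constructed record are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model of the bug class: a CRAM-style record with a
 * heap-allocated read sequence and a list of "features" (per-position edits)
 * decoded from the file.  Feature positions are attacker-controlled.  Names
 * and layout are illustrative, not HTSlib's; offsets here are 0-based. */

enum { SEQ_LEN = 8 };             /* length of the constructed record's sequence */
#define CANARY 0x7f               /* hypothetical marker byte placed just past the buffer */

typedef struct {
    uint32_t pos;                 /* offset into the sequence, read from the file */
    char base;                    /* replacement base, read from the file */
} feature_t;

typedef enum { DECODE_OK = 0, DECODE_ERR_RANGE = -1 } decode_status;

/* Off-by-one bounds test: accepts pos == seq_len, one byte past the buffer. */
int feature_in_range_buggy(uint32_t pos, size_t seq_len) {
    return pos <= seq_len;
}

/* Fixed bounds test: the only valid offsets are 0 .. seq_len-1. */
int feature_in_range_fixed(uint32_t pos, size_t seq_len) {
    return pos < seq_len;
}

/* Applies each feature to seq, guarded by the supplied bounds test.  The
 * assignment below is the single one-byte write the advisory describes. */
decode_status apply_features(char *seq, size_t seq_len,
                             const feature_t *f, size_t nf,
                             int (*in_range)(uint32_t, size_t)) {
    for (size_t i = 0; i < nf; i++) {
        if (!in_range(f[i].pos, seq_len))
            return DECODE_ERR_RANGE;
        seq[f[i].pos] = f[i].base;
    }
    return DECODE_OK;
}

/* Decodes a constructed record whose last feature sits exactly at SEQ_LEN.
 * The buffer is allocated with one slack byte holding CANARY so the buggy
 * write lands somewhere we can inspect rather than on live heap metadata.
 * Returns 1 if the canary was overwritten, 0 if the record was rejected,
 * -1 on allocation failure; the decoder's status is stored via status_out. */
int demo_one_byte_overflow(int use_fixed_check, decode_status *status_out) {
    char *seq = malloc(SEQ_LEN + 1);
    if (!seq) return -1;
    memcpy(seq, "ACGTACGT", SEQ_LEN);
    seq[SEQ_LEN] = (char)CANARY;

    /* Constructed input: one in-range substitution, then one at pos == SEQ_LEN. */
    const feature_t feats[] = { { 2, 'T' }, { SEQ_LEN, 'X' } };

    decode_status st = apply_features(seq, SEQ_LEN, feats, 2,
                                      use_fixed_check ? feature_in_range_fixed
                                                      : feature_in_range_buggy);
    int clobbered = (unsigned char)seq[SEQ_LEN] != CANARY;
    if (status_out) *status_out = st;
    free(seq);
    return clobbered;
}

int main(void) {
    decode_status st;
    int hit = demo_one_byte_overflow(0, &st);
    printf("buggy check: status=%d canary overwritten=%d\n", (int)st, hit);
    hit = demo_one_byte_overflow(1, &st);
    printf("fixed check: status=%d canary overwritten=%d\n", (int)st, hit);
    return 0;
}
```

With the buggy test the decoder reports success while the canary byte has been replaced by the attacker's `'X'`; with the fixed test the record is rejected before the write. Removing the slack byte from the `malloc` and building with `-fsanitize=address` turns the same write into an AddressSanitizer heap-buffer-overflow report, which is the kind of signal fuzzing a CRAM parser would surface.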
Recommendations
Update HTSlib to version 1.23.1 or later. This applies to all affected releases, including 1.22.2 and 1.21.1, for which the remedy is likewise 1.23.1 or later. Downstream tools that link HTSlib (for example samtools and bcftools) only receive the fix once they are rebuilt against, or dynamically linked to, a fixed HTSlib, so check the library version actually loaded, not just the tool version. Until updated, treat CRAM files from untrusted sources as hostile input.


Weakness Enumeration

Heap Based Buffer Overflow
Improper Validation of Array Index
Memory Corruption

Related Identifiers

CVE-2026-31963
GHSA-QGQH-H2Q9-7W3C

Affected Products

Htslib