PT-2026-26138 · Htslib · Htslib

Aviesrob · Published 2026-01-01 · Updated 2026-03-18 · CVE-2026-31964

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

HTSlib versions 1.21.1 through 1.23.1

Description

HTSlib is a library used for reading and writing bioinformatics file formats. A flaw exists in the CRAM decoder related to handling malformed sequence records. Specifically, the CONST, XPACK, and XRLE encodings do not correctly implement the necessary interface for handling records with omitted sequence or quality data. Attempting to decode these records results in a NULL pointer dereference, which typically causes the program to crash.

Recommendations

HTSlib version 1.23.1 includes a fix for this issue. HTSlib version 1.22.2 includes a fix for this issue. HTSlib version 1.21.1 includes a fix for this issue.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2026-31964
GHSA-5W97-85GF-86RM

Affected Products

Htslib