CVE-2026-31967

Name of the Vulnerable Software and Affected Versions HTSlib versions 1.21.1 through 1.23.1

Description HTSlib is a library used for handling bioinformatics file formats, specifically CRAM, a compressed DNA sequence alignment data format. A flaw exists in the cram decode slice() function during CRAM record processing where the mate reference ID field is not properly validated. This lack of validation can lead to out-of-bounds array reads when converting data to SAM format. If the resulting array value is a valid pointer, it may be interpreted as a string, potentially leading to information disclosure regarding program state or a program crash due to invalid memory access.

Recommendations Update HTSlib to a version after 1.23.1.