PT-2026-26144 · Htslib · Htslib
Daviesrob · Published 2026-01-01 · Updated 2026-03-18 · CVE-2026-31968
CVSS v4.0: 8.8 (High)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
HTSlib versions prior to 1.23.1
HTSlib version 1.22.2
HTSlib version 1.21.1
Description
HTSlib is a library for reading and writing bioinformatics file formats. A flaw exists in its handling of the VARINT and CONST encodings within the CRAM compressed format. Insufficient validation of the encoding context can lead to heap or stack buffer overflows and potentially to arbitrary code execution: up to eight bytes may be written beyond the allocated memory region, which can overwrite adjacent variables or alter program control flow. Exploitation requires a specially crafted CRAM file.
Recommendations
Update HTSlib to version 1.23.1 or later.
Update HTSlib to version 1.22.2.
Update HTSlib to version 1.21.1.
Exploit
Fix
Heap Based Buffer Overflow
Type Confusion
Stack Overflow
Memory Corruption
Affected Products
Htslib