PT-2026-26146 · Htslib · Htslib

Harrison Green · Published 2026-01-01 · Updated 2026-03-19 · CVE-2026-31970
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
- HTSlib versions prior to 1.23.1
- HTSlib version 1.22.2
- HTSlib version 1.21.1
Description
HTSlib is a library for reading and writing bioinformatics file formats. A heap buffer overflow can occur in the BGZF index (.gzi) file reader due to an integer overflow in the bgzf_index_load_hfile() function. The overflow produces an undersized buffer allocation, and subsequent writes into that buffer can crash the process or overwrite heap structures. Exploitation may lead to arbitrary code execution if a user opens a specially crafted index file.
Recommendations
- Versions prior to 1.23.1: Update to version 1.23.1 or later.
- Version 1.22.2: Update to version 1.23.1 or later.
- Version 1.21.1: Update to version 1.23.1 or later.
- Discard any .gzi index files from untrusted sources.
- Recreate index files using the bgzip -r option.
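As an added illustration of the allocation-sizing check that prevents this class of bug (example code written for this page, not HTSlib's own reader): a loader that takes an entry count from a constructed .gzi-style blob and rejects counts whose byte size would wrap or exceed the input. The 16-byte entry layout, the function names and the sample blob are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed entry layout: one (compressed offset, uncompressed offset)
 * pair per block, 16 bytes on disk. Not taken from HTSlib. */
typedef struct { uint64_t caddr; uint64_t uaddr; } idx_entry_t;

static uint64_t rd_le64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Bytes needed to hold n entries, or 0 when n * sizeof(entry) would wrap.
 * An unchecked (size_t)n * sizeof(idx_entry_t) is the pattern that yields
 * an undersized allocation when n comes straight from the file. */
size_t checked_index_bytes(uint64_t n) {
    if (n == 0 || n > SIZE_MAX / sizeof(idx_entry_t)) return 0;
    return (size_t)n * sizeof(idx_entry_t);
}

/* Parse a little-endian blob: uint64 count, then count 16-byte pairs.
 * Returns the entry count and sets *out (caller frees), or -1 on rejection. */
long load_index(const uint8_t *buf, size_t len, idx_entry_t **out) {
    *out = NULL;
    if (len < 8) return -1;
    uint64_t n = rd_le64(buf);
    size_t need = checked_index_bytes(n);
    if (need == 0 && n != 0) return -1;   /* size computation would overflow */
    if (need > len - 8) return -1;        /* count larger than the file body */
    idx_entry_t *e = malloc(need ? need : 1);
    if (!e) return -1;
    for (uint64_t i = 0; i < n; i++) {
        e[i].caddr = rd_le64(buf + 8 + i * 16);
        e[i].uaddr = rd_le64(buf + 16 + i * 16);
    }
    *out = e;
    return (long)n;
}

/* Constructed sample: two entries, block 0 at 0/0 and block 1 at 100/65280. */
static const uint8_t sample_index[] = {
    2, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
    100, 0, 0, 0, 0, 0, 0, 0,   0, 255, 0, 0, 0, 0, 0, 0
};
```

A count field of all 0xFF bytes, which would wrap the naive size computation, is rejected before any allocation happens.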

Exploit · Fix

Tags: Integer Overflow · Memory Corruption · Heap Based Buffer Overflow

Related Identifiers

CVE-2026-31970
GHSA-P345-84HX-FQ6Q

Affected Products

Htslib