PT-2026-26147 · Htslib · Htslib
Jkbonfield · Published 2026-01-01 · Updated 2026-03-18 · CVE-2026-31971
CVSS v3.1: 8.1 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
HTSlib versions prior to 1.23.1
HTSlib version 1.22.2
HTSlib version 1.21.1
Description
HTSlib is a library used for handling bioinformatics file formats. A flaw exists in the cram_byte_array_len_decode() function when processing data encoded with the BYTE_ARRAY_LEN method. This function does not properly validate the size of the unpacked data against the allocated output buffer, potentially leading to a heap or stack overflow. Exploitation of this issue, through a crafted file, could result in program crashes, data corruption, or potentially arbitrary code execution.
Recommendations
Update HTSlib to version 1.23.1 or later.
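The flaw class described above is a decoded length that is trusted when data is written into a fixed-size buffer. The following C example is added here for illustration; it is not HTSlib code and does not reproduce the real CRAM BYTE_ARRAY_LEN codec (which delegates the length and the bytes to sub-encodings). It assumes a simplified wire layout, an unsigned LEB128 length followed by that many raw bytes, and shows where the check of the decoded length against the output capacity and the remaining input belongs. The function names, error codes and sample records are constructed for this example.

```c
/* Added illustrative example (not HTSlib code): decoding a length-prefixed
 * byte array into a caller-owned buffer, validating the decoded length
 * against both the remaining input and the output capacity before copying.
 * Wire layout assumed here: unsigned LEB128 length, then that many raw bytes. */

#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum {
    DEC_OK = 0,
    DEC_ERR_TRUNC_LEN  = -1,  /* input ended inside the length field */
    DEC_ERR_BAD_LEN    = -2,  /* length field malformed (too long / overflow) */
    DEC_ERR_OUT_CAP    = -3,  /* length exceeds the caller's output buffer */
    DEC_ERR_TRUNC_DATA = -4   /* fewer payload bytes than the length claims */
};

typedef struct {
    const uint8_t *data;  /* input bytes */
    size_t len;           /* total input length */
    size_t pos;           /* read position, always <= len */
} cursor_t;

/* Reads an unsigned LEB128 value of at most 5 bytes so the result fits in 32 bits. */
static int read_varint_u32(cursor_t *in, uint32_t *val)
{
    uint32_t v = 0;
    for (int i = 0; i < 5; i++) {
        if (in->pos >= in->len)
            return DEC_ERR_TRUNC_LEN;
        uint8_t b = in->data[in->pos++];
        if (i == 4 && (b & 0xF0) != 0)
            return DEC_ERR_BAD_LEN;  /* high bits would overflow 32 bits */
        v |= (uint32_t)(b & 0x7F) << (7 * i);
        if ((b & 0x80) == 0) {
            *val = v;
            return DEC_OK;
        }
    }
    return DEC_ERR_BAD_LEN;  /* continuation bit still set on the 5th byte */
}

/* Hardened decode: the length is checked against BOTH the output capacity and
 * the remaining input before any byte is written. Returns DEC_OK and sets
 * *written on success; on failure returns a DEC_ERR_* code and writes nothing. */
int decode_byte_array_len(cursor_t *in, uint8_t *out, size_t out_cap, size_t *written)
{
    uint32_t n;
    int rc = read_varint_u32(in, &n);
    if (rc != DEC_OK)
        return rc;
    if ((size_t)n > out_cap)             /* the check whose absence causes an overflow */
        return DEC_ERR_OUT_CAP;
    if ((size_t)n > in->len - in->pos)   /* never read past the end of the input */
        return DEC_ERR_TRUNC_DATA;
    memcpy(out, in->data + in->pos, n);
    in->pos += n;
    *written = n;
    return DEC_OK;
}

/* Constructed sample records (not taken from any real CRAM file). */
static const uint8_t GOOD_REC[]      = { 0x05, 'A', 'C', 'G', 'T', 'N' }; /* len 5, 5 bytes */
static const uint8_t OVERSIZED_REC[] = { 0x80, 0x08, 0x00 };              /* len 1024, 1 byte */
static const uint8_t TRUNCATED_REC[] = { 0x05, 'A', 'C' };                /* claims 5, has 2 */

#define DEMO_CAP 16
static uint8_t demo_buf[DEMO_CAP];

/* Demo helper: decodes one record into a DEMO_CAP-byte buffer.
 * Returns the payload length on success, or a negative DEC_ERR_* code. */
int demo_decode(const uint8_t *rec, size_t reclen)
{
    cursor_t c = { rec, reclen, 0 };
    size_t written = 0;
    int rc = decode_byte_array_len(&c, demo_buf, DEMO_CAP, &written);
    return rc < 0 ? rc : (int)written;
}

const uint8_t *demo_output(void) { return demo_buf; }

int main(void)
{
    printf("good:      %d\n", demo_decode(GOOD_REC, sizeof GOOD_REC));
    printf("oversized: %d\n", demo_decode(OVERSIZED_REC, sizeof OVERSIZED_REC));
    printf("truncated: %d\n", demo_decode(TRUNCATED_REC, sizeof TRUNCATED_REC));
    return 0;
}
```

The decoder rejects the oversized record before touching the output buffer, which is the behaviour a fixed version of the pattern in the description must have; a decoder that copies first and checks afterwards (or never checks) is the vulnerable shape.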
Exploit
Fix
Heap Based Buffer Overflow
Stack Overflow
Memory Corruption
Related Identifiers
Affected Products
Htslib