Out-of-bounds Read in Samtools Htslib

CVE-2026-31966

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (6.4th percentile) — read the EPSS interpretation.

Affected products

Samtools Htslib — versions < 1.21.1, >= 1.22, < 1.22.2, = 1.23

Weakness classification (CWE)

References

https://github.com/samtools/htslib/security/advisories/GHSA-5cj8-mj52-8vp3 (x_refsource_CONFIRM)
https://github.com/samtools/htslib/commit/22ec5230ef95769ab009420da69568c7e530af28 (x_refsource_MISC)
https://github.com/samtools/htslib/commit/2a45eb129d703ad27f9fabc8169f0e94d3c69fa3 (x_refsource_MISC)
https://github.com/samtools/htslib/commit/4a5ef25eb1fb3d64438103316fffe423b2c3f5f4 (x_refsource_MISC)