Out-of-bounds Read in Samtools Htslib

CVE-2026-31967

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, the value of the mate r…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (7.0th percentile) — read the EPSS interpretation.

Affected products

Samtools Htslib — versions < 1.21.1, >= 1.22, < 1.22.2, = 1.23

Weakness classification (CWE)

References

https://github.com/samtools/htslib/security/advisories/GHSA-33x5-c6vj-8f2w (x_refsource_CONFIRM)
https://github.com/samtools/htslib/commit/9cefb46453ad471e933b8212d4f45920524d3357 (x_refsource_MISC)