Buffer overflow in Samtools Htslib

CVE-2026-31970

HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP [BGZF] files. In the GZI loading function, `bgzf_index_load_hfile()`, it was possible to trigger an integer overflo…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (16.0th percentile) — read the EPSS interpretation.

Affected products

Samtools Htslib — versions < 1.21.1, >= 1.22, < 1.22.2, = 1.23

Weakness classification (CWE)

References

https://github.com/samtools/htslib/security/advisories/GHSA-p345-84hx-fq6q (x_refsource_CONFIRM)
https://github.com/samtools/htslib/commit/6dd0d7d0e9e7e2e173a28969e624db8bc8bb5828 (x_refsource_MISC)