EUVD-2026-12930

🗓️ 18 Mar 2026 18:22:58Reported by EUVDType

HTSlib CRAM feature decoding may cause a heap overflow due to an out-by-one error; fixed in affected versions.

Reporter	Title	Published	Views	Family All 25
ATTACKERKB	CVE-2026-31963	18 Mar 202618:22	–	attackerkb
Circl	CVE-2026-31963	19 Mar 202622:00	–	circl
CNNVD	HTSlib 缓冲区错误漏洞	18 Mar 202600:00	–	cnnvd
CVE	CVE-2026-31963	18 Mar 202618:22	–	cve
Cvelist	CVE-2026-31963 HTSlib CRAM reader has heap buffer overflow due to improper validation of input	18 Mar 202618:22	–	cvelist
Debian CVE	CVE-2026-31963	18 Mar 202618:22	–	debiancve
Fedora	[SECURITY] Fedora 43 Update: samtools-1.23.1-1.fc43	28 Mar 202600:46	–	fedora
Fedora	[SECURITY] Fedora 42 Update: bcftools-1.23.1-1.fc42	28 Mar 202601:07	–	fedora
Fedora	[SECURITY] Fedora 43 Update: bcftools-1.23.1-1.fc43	28 Mar 202600:46	–	fedora
Fedora	[SECURITY] Fedora 42 Update: htslib-1.23.1-1.fc42	28 Mar 202601:07	–	fedora

[
  {
    "enisaIdVendor": [
      {
        "id": "cf8f9a55-cf04-3a6b-905a-de88f8675ecd",
        "vendor": {
          "name": "samtools"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "94ce17e5-2f4b-355e-aa95-aa2a5b750045",
        "product": {
          "name": "htslib"
        },
        "product_version": "1.22, < 1.22.2"
      },
      {
        "id": "ba399086-aa1a-3676-b290-6867bd386af5",
        "product": {
          "name": "htslib"
        },
        "product_version": "= 1.23"
      },
      {
        "id": "fddb3795-0819-360c-b13b-5c0cc17d55fc",
        "product": {
          "name": "htslib"
        },
        "product_version": "< 1.21.1"
      }
    ]
  }
]

Source	Link
github	www.github.com/samtools/htslib/security/advisories/GHSA-qgqh-h2q9-7w3c
github	www.github.com/samtools/htslib/commit/8bcc9907be0f945ddc31796d64f078fa05456acd

18 Mar 2026 18:52Current

6.4Medium risk

Vulners AI Score6.4

CVSS 48.8

EPSS0.00061

SSVC