EUVD-2026-12948

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTEARRAYLEN method, the crambytearraylendecode failed to validat...

CVE-2026-31969

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTEARRAYSTOP method, an out-by-one error in the...

EUVD-2026-12944

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTEARRAYSTOP method, an out-by-one error in the...

CVE-2026-31968

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...

DEBIAN-CVE-2026-31964

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence and quality values, the format also allows them to om...

CVE-2026-31964

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence and quality values, the format also allows them to om...

CVE-2026-31963

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

UBUNTU-CVE-2026-31964

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence and quality values, the format also allows them to om...

CVE-2026-31967 HTSlib CRAM reader has out-of-bounds read due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cramdecodeslice function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value, fo...

CVE-2026-31967

HTSlib CVE-2026-31967 concerns the CRAM reader: in cram_decode_slice(), the mate reference id is not validated, which can lead to out-of-bounds reads when mapping to reference names and potentially writing invalid data into SAM records. This can leak program state information or cause a crash. Af...

CVE-2026-31966 HTSlib CRAM reader has out-of-bounds read due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

CVE-2026-31966

CVE-2026-31966 affects HTSlib’s CRAM reader. The vulnerability stems from insufficient validation of the feature data series in cram_decode_seq(), allowing data to be copied from before the start or after the end of the stored reference into output buffers or the SAM MD tag. This can lead to info...

CVE-2026-31965 HTSlib CRAM reader has out-of-bounds reads due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cramdecodeslice function called while reading CRAM records, validation of the reference id field occurred too late, allowing two out of bounds read...

CVE-2026-31965 HTSlib CRAM reader has out-of-bounds reads due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cramdecodeslice function called while reading CRAM records, validation of the reference id field occurred too late, allowing two out of bounds read...

EUVD-2026-12932

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence and quality values, the format also allows them to om...

CVE-2026-31964

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence and quality values, the format also allows them to om...

CVE-2026-31964

Summary: CVE-2026-31964 affects HTSlib’s CRAM encodings (CONST, XPACK, XRLE). When decoding CRAM records with omitted sequence or quality data, these encodings could write to a NULL pointer, causing a crash (NULL pointer dereference). This is described in the CVE entry with fixed versions listed ...

UBUNTU-CVE-2026-31962

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quality values, the format also allows them to omit this data in certain cases to save space. Due to...

SUSE-SU-2026:20907-1 Security update for protobuf

This update for protobuf fixes the following issues: Security fixes: - CVE-2025-4565: Fixed parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that could lead to crash due to RecursionError bsc1244663. - CVE-2026-0994: Fixed google.protobuf.A...

CVE-2026-31962

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quality values, the format also allows them to omit this data in certain cases to save space. Due to...