
13 matches found

NVD
added 2026/03/18 8:16 p.m. | 6 views

CVE-2026-31969

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTE_ARRAY_STOP method, an out-by-one error in the...

CVSS 8.1 | EPSS 0.00336
Exploits: 0 | References: 2
UbuntuCve
added 2026/03/18 8:16 p.m. | 3 views

CVE-2026-31967

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cram_decode_slice function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value, fo...

CVSS 9.1 | AI score 5.8 | EPSS 0.00445
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/18 7:55 p.m. | 4 views

CVE-2026-31971 HTSlib CRAM decoder vulnerable to buffer overflow

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTE_ARRAY_LEN method, the cram_byte_array_len_decode failed to validat...

CVSS 7.1 | AI score 6.2 | EPSS 0.00336
Exploits: 0 | References: 2
Debian CVE
added 2026/03/18 7:53 p.m. | 2 views

CVE-2026-31970

HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP BGZF files. In the GZI loading function, bgzf_index_load_hfile, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to stor...

CVSS 8.1 | AI score 6.2 | EPSS 0.00451
Exploits: 0
EUVD
added 2026/03/18 7:47 p.m. | 4 views

EUVD-2026-12944

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTE_ARRAY_STOP method, an out-by-one error in the...

CVSS 7.1 | AI score 6.3 | EPSS 0.00336
Exploits: 0 | References: 2
UbuntuCve
added 2026/03/18 7:16 p.m. | 1 view

CVE-2026-31963

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

CVSS 8.8 | AI score 6.2 | EPSS 0.00348
Exploits: 0 | References: 3
CVE
added 2026/03/18 6:27 p.m. | 8 views

CVE-2026-31964

Summary: CVE-2026-31964 affects HTSlib’s CRAM encodings (CONST, XPACK, XRLE). When decoding CRAM records with omitted sequence or quality data, these encodings could write to a NULL pointer, causing a crash (NULL pointer dereference). This is described in the CVE entry with fixed versions listed ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00322
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2026/03/18 6:27 p.m. | 2 views

CVE-2026-31964 HTSlib CRAM decoder has a NULL Pointer Dereference

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence and quality values, the format also allows them to om...

CVSS 6.9 | AI score 5.9 | EPSS 0.00322
Exploits: 0 | References: 4
Debian CVE
added 2026/03/18 6:22 p.m. | 4 views

CVE-2026-31963

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

CVSS 8.8 | AI score 6.2 | EPSS 0.00348
Exploits: 0
Cvelist
added 2026/03/18 6:8 p.m. | 15 views

CVE-2026-31962 HTSlib CRAM reader has heap buffer overflow due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quality values, the format also allows them to omit this data in certain cases to save space. Due to...

CVSS 8.8 | EPSS 0.00361
Exploits: 0 | References: 2
BDU FSTEC
added 2022/04/06 12:0 a.m. | 2 views

Vulnerability in the vcf_parse_format function of HTSlib, a library for accessing common file formats, allowing an attacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability in the vcf_parse_format function of HTSlib, a library for accessing common file formats, is related to the check for excessive size being applied only to individual fields. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity...

CVSS 9.3 | AI score 7.6 | EPSS 0.0158
Exploits: 1 | References: 6 | Affected Software: 2
CNVD
added 2017/11/24 12:0 a.m. | 3 views

samtools htslib library CRAM rANS codec buffer overflow vulnerability

The samtools htslib library is a C language library for high-throughput sequencing data formats. The CRAM rANS codec is one of its codecs. A buffer overflow vulnerability exists in the CRAM rANS codec in samtools htslib library version 1.4.0 and earlier. An attacker can exploit this vulnerability to...

CVSS 9.8 | AI score 7.8 | EPSS 0.01954
Exploits: 0 | References: 1
Debian CVE
added 2017/11/17 3:0 p.m. | 22 views

CVE-2017-1000206

samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution...

CVSS 9.8 | AI score 9.9 | EPSS 0.01954
Exploits: 0