CVE-2026-31965

A flaw was found in HTSlib, a library for reading and writing bioinformatics file formats. This vulnerability, an out-of-bounds read, occurs in the cramdecodeslice function when processing CRAM Compressed Reference-oriented Alignment Map records due to delayed validation of the reference ID field...

CVE-2026-31967 HTSlib CRAM reader has out-of-bounds read due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cramdecodeslice function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value, fo...

CVE-2026-31965

In HTSlib, the vulnerability (CVE-2026-31965) affects the CRAM decoding path, specifically cram_decode_slice() where reference-id validation occurs too late. This permits two out-of-bounds reads and may leak two values to the caller; the program may also crash from invalid memory access. Fixed ve...

CVE-2026-31965 HTSlib CRAM reader has out-of-bounds reads due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cramdecodeslice function called while reading CRAM records, validation of the reference id field occurred too late, allowing two out of bounds read...