CVE-2026-31965

A flaw was found in HTSlib, a library for reading and writing bioinformatics file formats. This vulnerability, an out-of-bounds read, occurs in the cramdecodeslice function when processing CRAM Compressed Reference-oriented Alignment Map records due to delayed validation of the reference ID field...

CVE-2026-31967 HTSlib CRAM reader has out-of-bounds read due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cramdecodeslice function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value, fo...

CVE-2026-31965

HTSlib CRAM reader vulnerability (CVE-2026-31965) affects the cram_decode_slice() path when reading CRAM records. Validation of the reference id field occurs too late, allowing two out-of-bounds reads before detection. The issue can leak two values to the caller and may crash due to invalid memor...

CVE-2026-31965 HTSlib CRAM reader has out-of-bounds reads due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cramdecodeslice function called while reading CRAM records, validation of the reference id field occurred too late, allowing two out of bounds read...