[SECURITY] Fedora 44 Update: htslib-1.23.1-1.fc44

HTSlib is an implementation of a unified C library for accessing common file formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data, and is the core library used by samtools and bcftools...

Fedora 44 : bcftools / htslib / samtools (2026-cb321bebb5)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-cb321bebb5 advisory. Update to 1.23.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

Fedora 42 : bcftools / htslib / samtools (2026-1fc0d39acd)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-1fc0d39acd advisory. Update to 1.23.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

Fedora 43 : bcftools / htslib / samtools (2026-3b06345bf2)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-3b06345bf2 advisory. Update to 1.23.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

Fedora 45 : bcftools / htslib / samtools (2026-c383d4a134)

The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-c383d4a134 advisory. Update to 1.23.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

CVE-2026-31970

A flaw was found in HTSlib, a library used for handling bioinformatics file formats. A remote attacker could exploit an integer overflow vulnerability when a user opens a specially crafted GZI GZIP Index file. Exploiting this bug causes a heap buffer overflow. If a user opens a file crafted to...

CVE-2026-31968

A flaw was found in HTSlib, a library for reading and writing bioinformatics file formats. Specifically, within the CRAM Compressed Reference-oriented Alignment Map format, incomplete validation of context in the VARINT and CONST encodings could lead to a heap or stack buffer overflow. A remote...

CVE-2026-31966

A flaw was found in htslib, a library for reading and writing bioinformatics file formats. Specifically, within the CRAM Compressed Reference-oriented Alignment Map decoding process, insufficient validation of feature data series could allow a remote attacker to craft malicious CRAM records. This...

CVE-2026-31969

A flaw was found in HTSlib, a library used for bioinformatics file formats. A remote attacker could exploit an out-by-one error when processing a specially crafted CRAM Compressed Reference-oriented Alignment Map file. This vulnerability can lead to a heap buffer overflow, potentially allowing fo...

CVE-2026-31965

A flaw was found in HTSlib, a library for reading and writing bioinformatics file formats. This vulnerability, an out-of-bounds read, occurs in the cramdecodeslice function when processing CRAM Compressed Reference-oriented Alignment Map records due to delayed validation of the reference ID field...

DEBIAN-CVE-2026-31971

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTEARRAYLEN method, the crambytearraylendecode failed to validat...

CVE-2026-31971

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTEARRAYLEN method, the crambytearraylendecode failed to validat...

CVE-2026-31969

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTEARRAYSTOP method, an out-by-one error in the...

DEBIAN-CVE-2026-31968

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...

CVE-2026-31967

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cramdecodeslice function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value, fo...

CVE-2026-31970

HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP BGZF files. In the GZI loading function, bgzfindexloadhfile, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to stor...

UBUNTU-CVE-2026-31968

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...

CVE-2026-31968

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...

CVE-2026-31966

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

CVE-2026-31967

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cramdecodeslice function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value, fo...