
20 matches found

RedhatCVE
added 2026/03/18 9:39 p.m., 3 views

CVE-2026-31970

A flaw was found in HTSlib, a library used for handling bioinformatics file formats. A remote attacker could exploit an integer overflow vulnerability when a user opens a specially crafted GZI (GZIP Index) file. Exploiting this bug causes a heap buffer overflow. If a user opens a file crafted to...

CVSS: 8.1, AI score: 6.2, EPSS: 0.0005
Exploits: 0, References: 2
RedhatCVE
added 2026/03/18 9:39 p.m., 2 views

CVE-2026-31969

A flaw was found in HTSlib, a library used for bioinformatics file formats. A remote attacker could exploit an out-by-one error when processing a specially crafted CRAM (Compressed Reference-oriented Alignment Map) file. This vulnerability can lead to a heap buffer overflow, potentially allowing fo...

CVSS: 8.1, AI score: 6, EPSS: 0.00061
Exploits: 0, References: 2
RedhatCVE
added 2026/03/18 8:54 p.m., 3 views

CVE-2026-31965

A flaw was found in HTSlib, a library for reading and writing bioinformatics file formats. This vulnerability, an out-of-bounds read, occurs in the cram_decode_slice function when processing CRAM (Compressed Reference-oriented Alignment Map) records due to delayed validation of the reference ID field...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00019
Exploits: 0, References: 5
ATTACKERKB
added 2026/03/18 7:55 p.m., 4 views

CVE-2026-31971

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTE_ARRAY_LEN method, the cram_byte_array_len_decode failed to validat...

CVSS: 7.1, AI score: 6.2, EPSS: 0.00122
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/03/18 7:47 p.m., 1 views

CVE-2026-31969 HTSlib CRAM decoder has a heap buffer overflow

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTE_ARRAY_STOP method, an out-by-one error in the...

CVSS: 7.1, AI score: 6.2, EPSS: 0.00061
Exploits: 0, References: 4
Debian CVE
added 2026/03/18 7:47 p.m., 2 views

CVE-2026-31969

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTE_ARRAY_STOP method, an out-by-one error in the...

CVSS: 8.1, AI score: 6.1, EPSS: 0.00061
Exploits: 0
OSV
added 2026/03/18 7:15 p.m., 1 views

CVE-2026-31967 HTSlib CRAM reader has out-of-bounds read due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cram_decode_slice function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value, fo...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00024
Exploits: 0, References: 4
UbuntuCve
added 2026/03/18 6:16 p.m., 1 views

CVE-2026-31962

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quality values, the format also allows them to omit this data in certain cases to save space. Due to...

CVSS: 8.8, AI score: 6.3, EPSS: 0.0007
Exploits: 0, References: 3
Tenable Nessus
added 2026/03/18 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-31971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of...

CVSS: 8.1, AI score: 6.2, EPSS: 0.00122
Exploits: 0, References: 3
Tenable Nessus
added 2026/03/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-31963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of...

CVSS: 8.8, AI score: 6.3, EPSS: 0.00061
Exploits: 0, References: 3
CNNVD
added 2026/03/18 12:0 a.m., 2 views

HTSlib input validation error vulnerability

HTSlib is a C-language library developed by samtools. Versions of HTSlib prior to 1.23.1, 1.22.2, and 1.21.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the late validation of reference ID fields in the cram_decode_slice function, which could lead t...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00019
Exploits: 0, References: 3
Tenable Nessus
added 2026/03/18 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-31965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the...

CVSS: 8.2, AI score: 5.7, EPSS: 0.00019
Exploits: 0, References: 3
Tenable Nessus
added 2026/03/18 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-31967

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the...

CVSS: 9.1, AI score: 5.7, EPSS: 0.00024
Exploits: 0, References: 3
Tenable Nessus
added 2026/03/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-31970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP (BGZF) files. In the GZI loading...

CVSS: 8.1, AI score: 6.2, EPSS: 0.0005
Exploits: 0, References: 3
Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-26147

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTE_ARRAY_LEN method, the cram_byte_array_len_decode failed to...

CVSS: 8.1, AI score: 6.3, EPSS: 0.00122
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-23931

Malware in sbrugna...

CVSS: 8.8, AI score: 8.5, EPSS: 0.00446
Exploits: 1, References: 6
Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-36403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format called from vcf_parse and vcf_read. CVE-2020-36403 Note that Nessus relies on the presen...

CVSS: 8.8, AI score: 7.8, EPSS: 0.00446
Exploits: 1, References: 2
SUSE CVE
added 2023/02/15 3:50 a.m., 1 views

SUSE CVE-2020-36403

HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format called from vcf_parse and vcf_read...

CVSS: 8.8, AI score: 8.8, EPSS: 0.00446
Exploits: 1, References: 4
OSV
added 2021/03/15 9:29 p.m., 0 views

USN-4802-1 htslib vulnerabilities

It was discovered that HTSlib incorrectly handled certain data. An attacker could possibly use this issue to execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. CVE-2017-1000206 It was discovered that HTSlib incorrectly handled certain files. An attacker could possibly use this iss...

CVSS: 9.8, AI score: 7.5, EPSS: 0.00629
Exploits: 0, References: 3
OSV
added 2017/11/17 3:29 p.m., 4 views

CVE-2017-1000206

samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution...

CVSS: 9.8, AI score: 8
Exploits: 0, References: 1