CVE-2026-31967
HTSlib CVE-2026-31967 concerns the CRAM reader: in cram_decode_slice(), the mate reference id is not validated, which can lead to out-of-bounds reads when mapping to reference names and potentially writing invalid data into SAM records. This can leak program state information or cause a crash. Af...