HTSlib
cpe:2.3:a:htslib:htslib:*:*:*:*:*:*:*
- <= 1.21
- 1.22
- 1.22.1
- 1.23
A heap buffer overflow has been identified in HTSlib versions up to and including 1.21, in 1.22 and 1.22.1, and in 1.23. The flaw is in the CRAM reader, which decodes CRAM, a compressed format for DNA sequence alignment data. CRAM features are not validated properly during decoding, so an attacker-controlled byte can be written beyond the end of a heap buffer. Crafted CRAM input can therefore crash the program, corrupt adjacent data and heap structures, and potentially lead to arbitrary code execution.
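The following is an added illustration of the bug class described above, not HTSlib's CRAM reader and not a reproduction of the actual defect: a hypothetical decoder applies a "feature" record whose position comes straight from the input. The unchecked variant writes the attacker-controlled byte past the end of the sequence buffer when the position equals the buffer length; the hardened variant rejects any position at or beyond the end. All names, the record layout and the sample input are constructed for this example. The overwrite is shown safely by allocating one extra byte after the logical buffer and watching it change, rather than by writing into unowned memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical model of the bug class only (not HTSlib code): a CRAM-style
 * "feature" record carries a position into the decoded sequence buffer plus
 * one byte to store there. Both values come from untrusted input.
 */
struct feature {
    uint32_t pos;   /* offset into the sequence buffer, taken from the input */
    uint8_t  byte;  /* value to store there, taken from the input */
};

struct seq_buf {
    uint8_t *data;  /* heap buffer holding the decoded sequence */
    size_t   len;   /* number of valid bytes in data */
};

/* Vulnerable pattern: trusts pos without comparing it to seq->len. */
static void apply_feature_unchecked(struct seq_buf *seq, const struct feature *f)
{
    seq->data[f->pos] = f->byte;
}

/* Hardened pattern: reject any position at or beyond the end of the buffer.
 * Returns 0 on success, -1 if the feature is out of range. */
static int apply_feature_checked(struct seq_buf *seq, const struct feature *f)
{
    if (f->pos >= seq->len)
        return -1;
    seq->data[f->pos] = f->byte;
    return 0;
}

/*
 * Demonstrate the one-byte heap overwrite without undefined behaviour:
 * allocate one extra "redzone" byte after the logical sequence, then feed
 * the unchecked decoder pos == len. Returns 1 if the redzone was modified.
 */
int unchecked_write_corrupts_neighbour(void)
{
    const size_t len = 16;
    uint8_t *block = malloc(len + 1);
    if (!block)
        return -1;
    memset(block, 'A', len);
    block[len] = 0xCC;                            /* stands in for adjacent heap data */

    struct seq_buf seq = { block, len };
    struct feature f = { (uint32_t)len, 0x41 };   /* constructed input: off by one */
    apply_feature_unchecked(&seq, &f);

    int corrupted = block[len] != 0xCC;
    free(block);
    return corrupted;
}

/* Same off-by-one input against the checked decoder: it must be rejected and
 * the redzone must stay intact. Returns 1 if both hold. */
int checked_write_rejects_out_of_range(void)
{
    const size_t len = 16;
    uint8_t *block = malloc(len + 1);
    if (!block)
        return -1;
    memset(block, 'A', len);
    block[len] = 0xCC;

    struct seq_buf seq = { block, len };
    struct feature f = { (uint32_t)len, 0x41 };
    int rc = apply_feature_checked(&seq, &f);

    int ok = (rc == -1) && (block[len] == 0xCC);
    free(block);
    return ok;
}

/* In-range features are still applied by the checked decoder. Returns the
 * stored byte, or -1 if the feature was wrongly rejected. */
int checked_write_applies_in_range(void)
{
    uint8_t data[16];
    memset(data, 'A', sizeof data);
    struct seq_buf seq = { data, sizeof data };
    struct feature f = { 15, 'T' };              /* constructed input: last valid index */
    if (apply_feature_checked(&seq, &f) != 0)
        return -1;
    return data[15];
}

int main(void)
{
    printf("unchecked decoder corrupts neighbouring byte: %d\n",
           unchecked_write_corrupts_neighbour());
    printf("checked decoder rejects out-of-range feature: %d\n",
           checked_write_rejects_out_of_range());
    printf("checked decoder stores in-range feature: %c\n",
           checked_write_applies_in_range());
    return 0;
}
```

The check is `pos >= len`, not `pos > len`: a position equal to the length is exactly the off-by-one that lands on the first byte after the buffer, which is the neighbouring heap data the advisory warns about. Running the unchecked variant under AddressSanitizer on a plain `malloc(len)` buffer would report the same write as a heap-buffer-overflow.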
Users should upgrade to HTSlib 1.21.1, 1.22.2, or 1.23.1, the fixed release of the series they are running, to address this vulnerability.