HTSlib Heap and Stack Buffer Overflow Vulnerability in CRAM Decoder

Vulnerability

A buffer overflow vulnerability has been identified in HTSlib, a library for handling bioinformatics file formats. The issue lies in the CRAM decoder, specifically in the 'VARINT' and 'CONST' encodings. Incomplete validation of the encoding context can lead to up to eight bytes being written beyond the end of a heap allocation or into the location of a one-byte variable on the stack, so that adjacent variables change unexpectedly. Depending on the data stream, the result is either a heap buffer overflow or a stack buffer overflow. Exploitation could crash the program, overwrite data structures in unanticipated ways, disrupt control flow, and potentially allow arbitrary code execution.
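
The defect class described above, as an added illustration that is not HTSlib's code: a constructed varint decoder whose store routine ignores the destination width supplied by the decoding context, beside a version that validates it first. The LEB128-style varint layout and all function names are hypothetical stand-ins, not the real CRAM format.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed model: a little-endian base-128 varint stands in for the
 * real CRAM VARINT layout. Returns bytes consumed, 0 on error. */
static size_t varint_decode(const uint8_t *in, size_t in_len, uint64_t *out) {
    uint64_t v = 0;
    for (size_t i = 0; i < in_len && i < 10; i++) {
        v |= (uint64_t)(in[i] & 0x7f) << (7 * i);
        if (!(in[i] & 0x80)) { *out = v; return i + 1; }
    }
    return 0;                       /* truncated or over-long input */
}

/* Vulnerable shape: assumes an 8-byte destination and never consults the
 * width the context provides; given a 1-byte slot, 7 bytes land next door. */
static int store_varint_unchecked(void *dst, size_t dst_size, uint64_t v) {
    (void)dst_size;                 /* ignored: this is the defect */
    memcpy(dst, &v, sizeof v);
    return 0;
}

/* Hardened shape: check the declared width, narrow with a range check,
 * and refuse anything that does not fit rather than guessing. */
static int store_varint_checked(void *dst, size_t dst_size, uint64_t v) {
    uint8_t v8; uint16_t v16; uint32_t v32;
    switch (dst_size) {
    case 1: if (v > UINT8_MAX)  return -1; v8  = (uint8_t)v;  memcpy(dst, &v8,  1); return 0;
    case 2: if (v > UINT16_MAX) return -1; v16 = (uint16_t)v; memcpy(dst, &v16, 2); return 0;
    case 4: if (v > UINT32_MAX) return -1; v32 = (uint32_t)v; memcpy(dst, &v32, 4); return 0;
    case 8: memcpy(dst, &v, 8); return 0;
    default: return -1;
    }
}

int main(void) {
    const uint8_t stream[] = {0x88, 0x02};  /* constructed: encodes 264 */
    uint8_t buf[16]; uint64_t v = 0;
    memset(buf, 0xAA, sizeof buf);
    if (!varint_decode(stream, sizeof stream, &v)) return 1;
    store_varint_unchecked(buf, 1, v);      /* clobbers buf[1..7] */
    printf("unchecked: buf[1]=0x%02x (was 0xAA)\n", buf[1]);
    memset(buf, 0xAA, sizeof buf);
    printf("checked: rc=%d buf[1]=0x%02x\n", store_varint_checked(buf, 1, v), buf[1]);
    return 0;
}
```

The checked variant rejects 264 for a one-byte slot and leaves the neighbouring bytes untouched, which is the validation the advisory says was incomplete.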

Impact

Exploitation could lead to a heap or stack buffer overflow, causing program crashes, unintended data overwrites, control flow changes, and possibly arbitrary code execution.

Remediation

Users can upgrade to HTSlib versions 1.21.1, 1.22.2, or 1.23.1 to address this vulnerability.

Added: Mar 18, 2026, 8:33 PM
Updated: Mar 18, 2026, 8:33 PM

Vulnerability Rating

Custom Algorithm
  spread          0.0
  impact         10.0
  exploitability  4.3
  remediation     7.7
  relevance       4.1
  threat          3.2
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.