HTSlib Heap Buffer Overflow Vulnerability in CRAM Decoder

Vulnerability

A heap buffer overflow vulnerability has been identified in HTSlib, a library for handling bioinformatics file formats. The issue arises in the CRAM decoder when processing data encoded with the 'BYTE_ARRAY_STOP' method. An out-by-one error in the 'cram_byte_array_stop_decode_char()' function allows an attacker-controlled byte to be written one position beyond the end of a heap allocation. Exploiting it can lead to program crashes, unintended modification of data and heap structures, and potentially arbitrary code execution.
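The bound a BYTE_ARRAY_STOP decoder must enforce when it writes a variable-length, stop-terminated value into a fixed heap allocation, as an added illustration. This is not HTSlib's code: the function names, the result struct, the TAB stop byte and the sample byte stream are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Outcome of decoding one BYTE_ARRAY_STOP value. */
typedef struct {
    int    ok;        /* 1 on success, 0 on error */
    size_t out_len;   /* payload bytes written to out (NUL not counted) */
    size_t consumed;  /* input bytes consumed, including the stop byte */
} bas_result;

/*
 * Copy bytes from `in` up to (not including) the first `stop` byte into
 * `out` and NUL-terminate it.  `out_cap` is the full size of the heap
 * allocation behind `out`, so the payload may hold at most out_cap - 1
 * bytes.  Writing the bound as `len <= out_cap` instead is the off-by-one
 * pattern: it admits one extra attacker-chosen byte, which then lands just
 * past the end of the allocation.
 */
static bas_result bas_decode(const uint8_t *in, size_t in_len, uint8_t stop,
                             uint8_t *out, size_t out_cap)
{
    bas_result r = {0, 0, 0};
    const uint8_t *end = in ? memchr(in, stop, in_len) : NULL;
    if (!end)                               /* truncated: no stop byte */
        return r;
    size_t len = (size_t)(end - in);
    if (out_cap == 0 || len > out_cap - 1)  /* strict bound, room for NUL */
        return r;
    memcpy(out, in, len);
    out[len] = '\0';
    r.ok = 1; r.out_len = len; r.consumed = len + 1;
    return r;
}

/* Helper for tests/demos: decode into a 64-byte scratch buffer pretending it
 * is `out_cap` bytes long; returns payload length, or -1 when refused. */
static int bas_decode_len(const char *stream, size_t stream_len, char stop,
                          size_t out_cap)
{
    uint8_t out[64];
    if (out_cap > sizeof out)
        return -1;
    bas_result r = bas_decode((const uint8_t *)stream, stream_len,
                              (uint8_t)stop, out, out_cap);
    return r.ok ? (int)r.out_len : -1;
}
```

With a four-byte payload the decoder accepts a five-byte allocation and refuses a four-byte one; a stream with no stop byte is rejected rather than read past its end.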

Impact

Exploitation of this vulnerability causes a heap buffer overflow, which can lead to program crashes, unexpected modifications of data and heap structures, and possibly arbitrary code execution.

Remediation

Users can upgrade to HTSlib versions 1.21.1, 1.22.2, or 1.23.1 to address this vulnerability.

Added: Mar 18, 2026, 8:31 PM
Updated: Mar 18, 2026, 8:31 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.3
remediation: 7.7
relevance: 4.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.