HTSlib Heap Buffer Overflow Vulnerability in GZI Index File Reader

Vulnerability

A heap buffer overflow vulnerability has been identified in HTSlib, a library for handling bioinformatics file formats. It affects HTSlib versions through 1.21, 1.22, and 1.23.1, in the GZI index loading function 'bgzf_index_load_hfile()'. The flaw is an integer overflow that results in an under-sized or zero-sized buffer being allocated for the index. The function then writes sixteen zero bytes into this buffer and, depending on how the overflow resolves, may also load further data from the file into it. If the function goes on to process this data, it may fail to read the expected number of records and then attempt to free the improperly allocated heap buffer. The resulting heap corruption can crash the program or overwrite data and heap structures in unexpected ways, potentially allowing arbitrary code execution.
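The validation a GZI loader needs against the integer overflow described above, written here as an added defensive example in C; it is not HTSlib's code or its fix, and the record layout (a uint64 count followed by 16-byte offset pairs) and the implicit leading (0, 0) entry are assumptions about the .gzi format, not something this advisory states.

```c
#include <stdint.h>
#include <stdlib.h>
/* Assumed .gzi layout: a little-endian uint64 record count n followed by n
 * 16-byte records of (compressed offset, uncompressed offset). */
typedef struct { uint64_t caddr, uaddr; } gzi_entry;
typedef struct { size_t n; gzi_entry *entries; } gzi_index;

static uint64_t le64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Parse an in-memory .gzi image. Returns 0 on success, -1 on malformed
 * input; on failure *out is untouched and nothing stays allocated. */
int gzi_parse(const uint8_t *buf, size_t len, gzi_index *out) {
    if (len < 8) return -1;
    uint64_t n = le64(buf);
    /* Bound the untrusted count BEFORE it feeds an allocation size: a count
     * near UINT64_MAX makes (n + 1) * 16 wrap to a tiny or zero size, the
     * under-sized buffer the advisory describes. Then require that the file
     * really holds n records, so a lying count cannot over-read or under-fill. */
    if (n > SIZE_MAX / sizeof(gzi_entry) - 1) return -1;
    if ((len - 8) / 16 < n) return -1;
    gzi_entry *e = calloc((size_t)n + 1, sizeof *e);
    if (e == NULL) return -1;
    const uint8_t *p = buf + 8;   /* e[0] stays (0, 0): implicit first block */
    for (size_t i = 1; i <= n; i++, p += 16) {
        e[i].caddr = le64(p);
        e[i].uaddr = le64(p + 8);
    }
    out->n = (size_t)n + 1;
    out->entries = e;
    return 0;
}

/* Constructed sample: a well-formed two-record index. */
static const uint8_t good_gzi[] = {
    2, 0, 0, 0, 0, 0, 0, 0,                              /* n = 2 */
    100, 0, 0, 0, 0, 0, 0, 0,  0, 0, 1, 0, 0, 0, 0, 0,   /* (100, 65536) */
    200, 0, 0, 0, 0, 0, 0, 0,  0, 0, 2, 0, 0, 0, 0, 0,   /* (200, 131072) */
};
/* Entries parsed (including the implicit first one), or -1 if rejected. */
long gzi_entry_count(const uint8_t *buf, size_t len) {
    gzi_index idx;
    if (gzi_parse(buf, len, &idx) != 0) return -1;
    long n = (long)idx.n;
    free(idx.entries);
    return n;
}
```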

Impact

Exploitation of this vulnerability causes a heap buffer overflow, which can lead to program crashes, unintended data and heap structure modifications, and possibly arbitrary code execution.

Remediation

HTSlib versions 1.21.1, 1.22.2, and 1.23.1 include fixes for this vulnerability. Users are also advised to discard any '.gzi' index files from untrusted sources and use the 'bgzip -r' option to recreate them.

Added: Mar 18, 2026, 8:26 PM
Updated: Mar 18, 2026, 8:26 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.3
remediation: 8.3
relevance: 4.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.