HTSlib CRAM Decoder Buffer Overflow Vulnerability

Vulnerability

A buffer overflow vulnerability has been identified in HTSlib, a library for handling bioinformatics file formats. The issue is in the CRAM decoder's handling of data encoded with the 'BYTE_ARRAY_LEN' method: the 'cram_byte_array_len_decode()' function does not properly validate the length of the data being unpacked, so attacker-controlled bytes can overflow a heap or stack buffer. Exploitation could lead to program crashes, unintended overwriting of memory structures, disruption of normal program control flow, and potentially arbitrary code execution.
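The defect described above is a decoder trusting an encoded length field. The following is an added illustration, not HTSlib code and not the real CRAM 'BYTE_ARRAY_LEN' codec: it assumes a simplified, hypothetical format (a 4-byte little-endian length prefix followed by that many bytes) and shows the two bounds checks a decoder needs so that a hostile length can neither over-read the input nor over-write the caller's buffer. All sample encodings are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Input cursor over an in-memory encoded stream (hypothetical, not HTSlib's types). */
typedef struct {
    const uint8_t *buf;
    size_t len;   /* total bytes available */
    size_t pos;   /* bytes consumed so far; invariant: pos <= len */
} cursor_t;

enum { DEC_OK = 0, DEC_ERR_TRUNCATED = -1, DEC_ERR_TOO_LONG = -2 };

/* Read a 4-byte little-endian length prefix (assumed encoding). */
static int read_u32_le(cursor_t *c, uint32_t *out) {
    if (c->len - c->pos < 4) return DEC_ERR_TRUNCATED;
    const uint8_t *p = c->buf + c->pos;
    *out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    c->pos += 4;
    return DEC_OK;
}

/* Hardened decode: copies the array into out[0..out_cap) and reports its length.
 * The decoded length is untrusted, so it is checked twice before any copy:
 *   1. it must fit in the remaining *input* (otherwise memcpy over-reads),
 *   2. it must fit in the caller's *output* buffer (otherwise memcpy over-writes).
 * A decoder that skips check 2 and copies n bytes into a fixed-size buffer
 * exhibits the bug class the advisory describes. */
int byte_array_len_decode(cursor_t *c, uint8_t *out, size_t out_cap, size_t *out_len) {
    uint32_t n;
    int rc = read_u32_le(c, &n);
    if (rc != DEC_OK) return rc;
    if (n > c->len - c->pos) return DEC_ERR_TRUNCATED;
    if (n > out_cap) return DEC_ERR_TOO_LONG;
    memcpy(out, c->buf + c->pos, n);
    c->pos += n;
    *out_len = n;
    return DEC_OK;
}

/* Decode one record into an 8-byte stack buffer; returns the decoder's status. */
int decode_into_stack(const uint8_t *enc, size_t enc_len, size_t *got_len) {
    uint8_t out[8];
    cursor_t c = { enc, enc_len, 0 };
    return byte_array_len_decode(&c, out, sizeof out, got_len);
}

/* Constructed sample encodings exercising the well-formed and hostile cases. */
int demo_valid(void) {           /* length 3, payload "abc": fits */
    static const uint8_t enc[] = { 3, 0, 0, 0, 'a', 'b', 'c' };
    size_t n = 0;
    return decode_into_stack(enc, sizeof enc, &n) == DEC_OK && n == 3;
}
int demo_too_long(void) {        /* length 9 with 9 payload bytes: exceeds the 8-byte buffer */
    static const uint8_t enc[] = { 9, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    size_t n = 0;
    return decode_into_stack(enc, sizeof enc, &n);
}
int demo_truncated(void) {       /* length 5 but only 2 payload bytes present */
    static const uint8_t enc[] = { 5, 0, 0, 0, 1, 2 };
    size_t n = 0;
    return decode_into_stack(enc, sizeof enc, &n);
}
int demo_huge(void) {            /* length 0xFFFFFFFF and no payload at all */
    static const uint8_t enc[] = { 0xff, 0xff, 0xff, 0xff };
    size_t n = 0;
    return decode_into_stack(enc, sizeof enc, &n);
}

int main(void) {
    printf("valid: %s\n", demo_valid() ? "ok" : "FAIL");
    printf("too long rejected: %s\n", demo_too_long() == DEC_ERR_TOO_LONG ? "ok" : "FAIL");
    printf("truncated rejected: %s\n", demo_truncated() == DEC_ERR_TRUNCATED ? "ok" : "FAIL");
    printf("huge length rejected: %s\n", demo_huge() == DEC_ERR_TRUNCATED ? "ok" : "FAIL");
    return 0;
}
```

The input-side check runs first so that a length larger than the remaining input is rejected before the output-side check is even consulted; both checks happen before `memcpy`, which is the point at which an unchecked length becomes an overflow.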

Impact

Exploitation of this vulnerability can cause a heap or stack buffer overflow, leading to program crashes, corruption of memory structures, unintended changes in program control flow, and possibly arbitrary code execution.

Remediation

Users can upgrade to HTSlib versions 1.21.1, 1.22.2, or 1.23.1 to address this vulnerability.

Added: Mar 18, 2026, 8:27 PM
Updated: Mar 18, 2026, 8:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 4.3
remediation: 7.7
relevance: 4.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.