Htslib
by Samtools
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-13845 | Samtools / Htslib | Critical | 0.64 | 9.8 | 0.02 | | Jul 10, 2018 | An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c. |
| CVE-2017-1000206 | Samtools / Htslib | Critical | 0.64 | 9.8 | 0.02 | | Nov 17, 2017 | samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution |
| CVE-2018-13844 | Samtools / Htslib | High | 0.49 | 7.5 | 0.01 | | Jul 10, 2018 | An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in… |
| CVE-2018-13843 | Samtools / Htslib | High | 0.49 | 7.5 | 0.01 | | Jul 10, 2018 | An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is… |
| CVE-2018-14329 | Samtools / Htslib | Medium | 0.31 | 4.7 | 0.00 | | Jul 17, 2018 | In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. |
| CVE-2026-31971 | Samtools / Htslib | | 0.00 | — | 0.00 | | Mar 18, 2026 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the `BYTE_ARRAY_LEN` method, the… |
| CVE-2026-31970 | Samtools / Htslib | | 0.00 | — | 0.00 | | Mar 18, 2026 | HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP [BGZF] files. In the GZI loading function, `bgzf_index_load_hfile()`, it was possible to trigger an integer overflow, leading to an under- or zero-sized… |
| CVE-2026-31969 | Samtools / Htslib | | 0.00 | — | 0.00 | | Mar 18, 2026 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the `BYTE_ARRAY_STOP` method, an out-by-one error… |
| CVE-2026-31968 | Samtools / Htslib | | 0.00 | — | 0.00 | | Mar 18, 2026 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the `VARINT` and `CONST` encodings, incomplete validation of the context in… |
| CVE-2026-31967 | Samtools / Htslib | | 0.00 | — | 0.00 | | Mar 18, 2026 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, the value of the mate reference id field was not validated.… |
| CVE-2026-31966 | Samtools / Htslib | | 0.00 | — | 0.01 | | Mar 18, 2026 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each… |
| CVE-2026-31965 | Samtools / Htslib | | 0.00 | — | 0.00 | | Mar 18, 2026 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, validation of the reference id field occurred too late,… |
| CVE-2026-31964 | Samtools / Htslib | | 0.00 | — | 0.00 | | Mar 18, 2026 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence and quality values, the format… |
| CVE-2026-31963 | Samtools / Htslib | | 0.00 | — | 0.00 | | Mar 18, 2026 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each… |
| CVE-2026-31962 | Samtools / Htslib | | 0.00 | — | 0.00 | | Mar 18, 2026 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quality values, the format also allows them to omit this data in certain cases to… |
| CVE-2020-36403 | Samtools / Htslib | | 0.00 | — | 0.02 | | Jul 1, 2021 | HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). |