VYPR
Vendor: Samtools

Products: 2
CVEs: 18
Across products: 18
Status: Private

Recent CVEs (18)

  • CVE-2018-13845 | Critical | Jul 10, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c.

  • CVE-2017-1000206 | Critical | Nov 17, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution

  • CVE-2018-13844 | High | Jul 10, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in…

  • CVE-2018-13843 | High | Jul 10, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is…

  • CVE-2018-14329 | Medium | Jul 17, 2018
    risk 0.31 | cvss 4.7 | epss 0.00

    In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.

  • CVE-2026-31973 | Mar 18, 2026
    risk 0.00 | cvss (none listed) | epss 0.01

    SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the `cram_decode_compression_header()` was missing.…

  • CVE-2026-31972 | Mar 18, 2026
    risk 0.00 | cvss (none listed) | epss 0.01

    SAMtools is a program for reading, manipulating and writing bioinformatics file formats. The `mpileup` command outputs DNA sequences that have been aligned against a known reference. On each output line it writes the reference position, optionally the reference DNA base at that…

  • CVE-2026-31971 | Mar 18, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the `BYTE_ARRAY_LEN` method, the…

  • CVE-2026-31970 | Mar 18, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP [BGZF] files. In the GZI loading function, `bgzf_index_load_hfile()`, it was possible to trigger an integer overflow, leading to an under- or zero-sized…

  • CVE-2026-31969 | Mar 18, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the `BYTE_ARRAY_STOP` method, an out-by-one error…

  • CVE-2026-31968 | Mar 18, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the `VARINT` and `CONST` encodings, incomplete validation of the context in…

  • CVE-2026-31967 | Mar 18, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, the value of the mate reference id field was not validated.…

  • CVE-2026-31966 | Mar 18, 2026
    risk 0.00 | cvss (none listed) | epss 0.01

    HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each…

  • CVE-2026-31965 | Mar 18, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, validation of the reference id field occurred too late,…

  • CVE-2026-31964 | Mar 18, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence and quality values, the format…

  • CVE-2026-31963 | Mar 18, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each…

  • CVE-2026-31962 | Mar 18, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quality values, the format also allows them to omit this data in certain cases to…

  • CVE-2020-36403 | Jul 1, 2021
    risk 0.00 | cvss (none listed) | epss 0.02

    HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read).