ubuntu-cve-2026-31967
Vulnerability from osv_ubuntu
Published
2026-03-18 20:16
Modified
2026-05-20 15:27
Summary
Details

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cram_decode_slice() function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value, for example when converting the data to SAM format, could result in the out of bounds array reads when looking up the corresponding reference name. If the array value obtained also happened to be a valid pointer, it would be interpreted as a string and an attempt would be made to write the data as part of the SAM record. This bug may allow information about program state to be leaked. It may also cause a program crash through an attempt to access invalid memory. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue.


{
  "affected": [
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "htslib-test",
            "binary_version": "0.2.0~rc3-1ubuntu0.1~esm1"
          },
          {
            "binary_name": "libhts0",
            "binary_version": "0.2.0~rc3-1ubuntu0.1~esm1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:14.04:LTS",
        "name": "htslib",
        "purl": "pkg:deb/ubuntu/htslib@0.2.0~rc3-1ubuntu0.1~esm1?arch=source\u0026distro=esm-infra-legacy/trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.2.0~rc3-1",
        "0.2.0~rc3-1ubuntu0.1~esm1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "htslib-test",
            "binary_version": "1.2.1-2ubuntu1+esm1"
          },
          {
            "binary_name": "libhts1",
            "binary_version": "1.2.1-2ubuntu1+esm1"
          },
          {
            "binary_name": "tabix",
            "binary_version": "1.2.1-2ubuntu1+esm1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:16.04:LTS",
        "name": "htslib",
        "purl": "pkg:deb/ubuntu/htslib@1.2.1-2ubuntu1+esm1?arch=source\u0026distro=esm-apps/xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.2.1-1",
        "1.2.1-2",
        "1.2.1-2ubuntu1",
        "1.2.1-2ubuntu1+esm1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "htslib-test",
            "binary_version": "1.7-2ubuntu0.1~esm1"
          },
          {
            "binary_name": "libhts2",
            "binary_version": "1.7-2ubuntu0.1~esm1"
          },
          {
            "binary_name": "tabix",
            "binary_version": "1.7-2ubuntu0.1~esm1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:18.04:LTS",
        "name": "htslib",
        "purl": "pkg:deb/ubuntu/htslib@1.7-2ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.5-1",
        "1.5-4ubuntu1",
        "1.6-3ubuntu1",
        "1.6-4",
        "1.6-4build1",
        "1.7-2",
        "1.7-2ubuntu0.1~esm1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "htslib-test",
            "binary_version": "1.10.2-3ubuntu0.1"
          },
          {
            "binary_name": "libhts3",
            "binary_version": "1.10.2-3ubuntu0.1"
          },
          {
            "binary_name": "tabix",
            "binary_version": "1.10.2-3ubuntu0.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:20.04:LTS",
        "name": "htslib",
        "purl": "pkg:deb/ubuntu/htslib@1.10.2-3ubuntu0.1?arch=source\u0026distro=focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.9-10",
        "1.9-11",
        "1.9-12",
        "1.10.2-2ubuntu1",
        "1.10.2-2ubuntu2",
        "1.10.2-3",
        "1.10.2-3ubuntu0.1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "htslib-test",
            "binary_version": "1.13+ds-2build1"
          },
          {
            "binary_name": "libhts3",
            "binary_version": "1.13+ds-2build1"
          },
          {
            "binary_name": "tabix",
            "binary_version": "1.13+ds-2build1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "name": "htslib",
        "purl": "pkg:deb/ubuntu/htslib@1.13+ds-2build1?arch=source\u0026distro=jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.13+ds-2",
        "1.13+ds-2build1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "htslib-test",
            "binary_version": "1.19+ds-1.1build3"
          },
          {
            "binary_name": "libhts3t64",
            "binary_version": "1.19+ds-1.1build3"
          },
          {
            "binary_name": "tabix",
            "binary_version": "1.19+ds-1.1build3"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:24.04:LTS",
        "name": "htslib",
        "purl": "pkg:deb/ubuntu/htslib@1.19+ds-1.1build3?arch=source\u0026distro=noble"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.17+ds-1",
        "1.18+ds-1",
        "1.19+ds-1.1build2",
        "1.19+ds-1.1build3"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "htslib-test",
            "binary_version": "1.21+ds-1"
          },
          {
            "binary_name": "libhts3t64",
            "binary_version": "1.21+ds-1"
          },
          {
            "binary_name": "tabix",
            "binary_version": "1.21+ds-1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:25.10",
        "name": "htslib",
        "purl": "pkg:deb/ubuntu/htslib@1.21+ds-1?arch=source\u0026distro=questing"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.21+ds-1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "htslib-test",
            "binary_version": "1.22.1+ds2-1"
          },
          {
            "binary_name": "libhts3t64",
            "binary_version": "1.22.1+ds2-1"
          },
          {
            "binary_name": "tabix",
            "binary_version": "1.22.1+ds2-1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:26.04:LTS",
        "name": "htslib",
        "purl": "pkg:deb/ubuntu/htslib@1.22.1+ds2-1?arch=source\u0026distro=resolute"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.21+ds-1",
        "1.22.1+ds2-1"
      ]
    }
  ],
  "aliases": [],
  "details": "HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value, for example when converting the data to SAM format, could result in the out of bounds array reads when looking up the corresponding reference name. If the array value obtained also happened to be a valid pointer, it would be interpreted as a string and an attempt would be made to write the data as part of the SAM record. This bug may allow information about program state to be leaked. It may also cause a program crash through an attempt to access invalid memory. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue.",
  "id": "UBUNTU-CVE-2026-31967",
  "modified": "2026-05-20T15:27:20Z",
  "published": "2026-03-18T20:16:00Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2026-31967"
    },
    {
      "type": "REPORT",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-31967"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/samtools/htslib/security/advisories/GHSA-33x5-c6vj-8f2w"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/samtools/htslib/commit/9cefb46453ad471e933b8212d4f45920524d3357"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    },
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "medium",
      "type": "Ubuntu"
    }
  ],
  "upstream": [
    "CVE-2026-31967"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…