Fedora 42 htslib Urgent Heap Overflow Vulnerability for Code Execution

fedora
March 28, 2026
Critical htslib update addresses multiple security threats on Fedora 42 including code execution and denial of service risks.
Update to 1.23.1

Summary

HTSlib is an implementation of a unified C library for accessing common file formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data, and is the core library used by samtools and bcftools.

Update Information:

Update to 1.23.1

Change Log

* Thu Mar 19 2026 Rasmus Ory Nielsen - 1.23.1-1
- Updated to 1.23.1

* Thu Jan 22 2026 Rasmus Ory Nielsen - 1.23-1
- Updated to 1.23
- Removed outdated patch

* Fri Jan 16 2026 Fedora Release Engineering - 1.15.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

* Thu Jul 24 2025 Fedora Release Engineering - 1.15.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2448750 - CVE-2026-31962 htslib: htslib: Heap buffer overflow leading to arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448750

[ 2 ] Bug #2448751 - CVE-2026-31965 htslib: HTSlib: Information disclosure or denial of service via out-of-bounds read in CRAM record processing
https://bugzilla.redhat.com/show_bug.cgi?id=2448751

[ 3 ] Bug #2448755 - CVE-2026-31963 htslib: HTSlib: Arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448755

[ 4 ] Bug #2448756 - CVE-2026-31964 htslib: HTSlib: Denial of Service via NULL pointer dereference in CRAM decoding
https://bugzilla.redhat.com/show_bug.cgi?id=2448756

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1fc0d39acd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: htslib
Product: Fedora 42
Version: 1.23.1
Release: 1.fc42
Summary: C library for high-throughput sequencing data formats
