Critical Heap Overflow Vulnerability in Fedora 42 Affects Samtools and HTSlib

Critical Heap Overflow Vulnerability in Fedora 42 Affects Samtools and HTSlib

First seen 28 Mar 2026, 07:44 UTC Linuxsecurity 72% similarity 72.8

Article Content

Browse articles
ThreatCluster

A critical heap overflow vulnerability has been identified in the htslib library, which is crucial for high-throughput sequencing data processing in Fedora 42. This vulnerability, cataloged under CVE-2026-31962, allows for arbitrary code execution via crafted CRAM files. Other related vulnerabilities include CVE-2026-31963, CVE-2026-31964, and CVE-2026-31965, which involve denial of service and information disclosure. Users of samtools and bcftools, which rely on htslib, are particularly affected. The vulnerabilities were published on March 18, 2026, and an update to version 1.23.1 has been released to mitigate these issues. The update can be installed using the 'dnf' package manager. Security professionals are advised to apply the update promptly to protect against potential exploitation.

Key Points: • Critical heap overflow vulnerabilities in htslib affect samtools and bcftools. • CVE-2026-31962 allows arbitrary code execution via crafted CRAM files. • Users are urged to update to htslib version 1.23.1 to mitigate risks.

ThreatCluster AI

Timeline

2026-03-18
CVE-2026-31962 published
2026-03-18
CVE-2026-31963 published
2026-03-18
CVE-2026-31964 published
2026-03-18
CVE-2026-31965 published
2026-03-19
Update to htslib version 1.23.1 released
2026-03-28
Articles published detailing vulnerabilities and updates

Community

Browse all →