OSV-2026-863

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/htslib/OSV-2026-863.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-863
Published
2026-06-06T00:19:05.279879Z
Modified
2026-06-07T14:26:42.995718Z
Summary
Global-buffer-overflow in cram_decoder_init
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=519841736

Crash type: Global-buffer-overflow READ 8
Crash state:
cram_decoder_init
cram_decode_compression_header
cram_next_slice
References

Affected packages

OSS-Fuzz / htslib

Package

Name
htslib
Purl
pkg:generic/htslib

Affected ranges

Type
GIT
Repo
https://github.com/samtools/htslib.git
Events
Introduced
d926270f580aa64fab4634859d4518d2d7a5dd7e
Fixed
1b3225f11b7bb55781ad7927f3ef343bc810a21d
Fixed
d94071f3dd9613ab66f177e1237660855a56f0ed

Ecosystem specific 

{
    "severity": null
}

Database specific

source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/htslib/OSV-2026-863.yaml"
introduced_range 
"ffa59ef6ed6a09e1d8e2a82a5c69ad85c94b0bad:57e1a0763c9a5f34a1d1ab9deb3a3ad2bd8fe11d"
fixed_range 
"57e1a0763c9a5f34a1d1ab9deb3a3ad2bd8fe11d:d94071f3dd9613ab66f177e1237660855a56f0ed"