UBUNTU-CVE-2026-31970

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2026-31970
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31970.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-31970
Upstream
Published
2026-03-18T20:16:00Z
Modified
2026-05-20T16:25:19.311506002Z
Severity
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N CVSS Calculator
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP [BGZF] files. In the GZI loading function, bgzf_index_load_hfile(), it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to store the index. Sixteen zero bytes would then be written to this buffer, and, depending on the result of the overflow the rest of the file may also be loaded into the buffer as well. If the function did attempt to load the data, it would eventually fail due to not reading the expected number of records, and then try to free the overflowed heap buffer. Exploiting this bug causes a heap buffer overflow. If a user opens a file crafted to exploit this issue, it could lead to the program crashing, or overwriting of data and heap structures in ways not expected by the program. It may be possible to use this to obtain arbitrary code execution. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. The easiest work-around is to discard any .gzi index files from untrusted sources, and use the bgzip -r option to recreate them.

References

Affected packages

Ubuntu:20.04:LTS
htslib

Package

Name
htslib
Purl
pkg:deb/ubuntu/htslib?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.9-10
1.9-11
1.9-12
1.10.2-2ubuntu1
1.10.2-2ubuntu2
1.10.2-3
1.10.2-3ubuntu0.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "htslib-test",
            "binary_version": "1.10.2-3ubuntu0.1"
        },
        {
            "binary_name": "libhts3",
            "binary_version": "1.10.2-3ubuntu0.1"
        },
        {
            "binary_name": "tabix",
            "binary_version": "1.10.2-3ubuntu0.1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31970.json"
Ubuntu:22.04:LTS
htslib

Package

Name
htslib
Purl
pkg:deb/ubuntu/htslib?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.13+ds-2
1.13+ds-2build1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "htslib-test",
            "binary_version": "1.13+ds-2build1"
        },
        {
            "binary_name": "libhts3",
            "binary_version": "1.13+ds-2build1"
        },
        {
            "binary_name": "tabix",
            "binary_version": "1.13+ds-2build1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31970.json"
Ubuntu:24.04:LTS
htslib

Package

Name
htslib
Purl
pkg:deb/ubuntu/htslib?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.17+ds-1
1.18+ds-1
1.19+ds-1.1build2
1.19+ds-1.1build3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "htslib-test",
            "binary_version": "1.19+ds-1.1build3"
        },
        {
            "binary_name": "libhts3t64",
            "binary_version": "1.19+ds-1.1build3"
        },
        {
            "binary_name": "tabix",
            "binary_version": "1.19+ds-1.1build3"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31970.json"
Ubuntu:25.10
htslib

Package

Name
htslib
Purl
pkg:deb/ubuntu/htslib?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.21+ds-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "htslib-test",
            "binary_version": "1.21+ds-1"
        },
        {
            "binary_name": "libhts3t64",
            "binary_version": "1.21+ds-1"
        },
        {
            "binary_name": "tabix",
            "binary_version": "1.21+ds-1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31970.json"
Ubuntu:26.04:LTS
htslib

Package

Name
htslib
Purl
pkg:deb/ubuntu/htslib?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.21+ds-1
1.22.1+ds2-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "htslib-test",
            "binary_version": "1.22.1+ds2-1"
        },
        {
            "binary_name": "libhts3t64",
            "binary_version": "1.22.1+ds2-1"
        },
        {
            "binary_name": "tabix",
            "binary_version": "1.22.1+ds2-1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31970.json"
Ubuntu:Pro:14.04:LTS
htslib

Package

Name
htslib
Purl
pkg:deb/ubuntu/htslib?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.2.0~rc3-1
0.2.0~rc3-1ubuntu0.1~esm1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "htslib-test",
            "binary_version": "0.2.0~rc3-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libhts0",
            "binary_version": "0.2.0~rc3-1ubuntu0.1~esm1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31970.json"
Ubuntu:Pro:16.04:LTS
htslib

Package

Name
htslib
Purl
pkg:deb/ubuntu/htslib?arch=source&distro=esm-apps%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.2.1-1
1.2.1-2
1.2.1-2ubuntu1
1.2.1-2ubuntu1+esm1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "htslib-test",
            "binary_version": "1.2.1-2ubuntu1+esm1"
        },
        {
            "binary_name": "libhts1",
            "binary_version": "1.2.1-2ubuntu1+esm1"
        },
        {
            "binary_name": "tabix",
            "binary_version": "1.2.1-2ubuntu1+esm1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31970.json"
Ubuntu:Pro:18.04:LTS
htslib

Package

Name
htslib
Purl
pkg:deb/ubuntu/htslib?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.5-1
1.5-4ubuntu1
1.6-3ubuntu1
1.6-4
1.6-4build1
1.7-2
1.7-2ubuntu0.1~esm1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "htslib-test",
            "binary_version": "1.7-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "libhts2",
            "binary_version": "1.7-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "tabix",
            "binary_version": "1.7-2ubuntu0.1~esm1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31970.json"