HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read).
CVSS Score
8.8
EPSS Score
0.005
Published
2021-07-01
samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution
CVSS Score
9.8
EPSS Score
0.006
Published
2017-11-17