Description
An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue
References (1)
Core 1
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/samtools/htslib/issues/731#issue-339662537
Scores
CVSS v3
7.5
EPSS
0.0147
EPSS Percentile
70.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-772
Status
published
Products (1)
htslib/htslib
1.8
Published
Jul 10, 2018
Tracked Since
Feb 18, 2026