NULL pointer dereference in Samtools Htslib

CVE-2026-31964

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA seq…

EPSS: 0.001 (19.9th percentile) — read the EPSS interpretation.

Affected products

Samtools Htslib — versions < 1.21.1, >= 1.22, < 1.22.2, = 1.23

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

https://github.com/samtools/htslib/security/advisories/GHSA-5w97-85gf-86rm (x_refsource_CONFIRM)
https://github.com/samtools/htslib/commit/e64e68da567d2309509d059ace016d5d7fc7514f (x_refsource_MISC)