NULL pointer dereference in Samtools
CVE-2026-31973
SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the `cram_de…
EPSS: 0.000 (5.5th percentile)
Affected products
- Samtools — versions >= 1.17, < 1.21.1; >= 1.22, < 1.22.2; = 1.23
Weakness classification (CWE)
References
- https://github.com/samtools/samtools/security/advisories/GHSA-x86f-q6fj-cm43 (x_refsource_CONFIRM)
- https://github.com/samtools/samtools/commit/06fc2a219b3d7c94d3f412c09f6d1efd51199f2f (x_refsource_MISC)