HTSlib NULL Pointer Dereference Vulnerability in CRAM Decoder

Vulnerability

A NULL pointer dereference vulnerability has been identified in HTSlib, a library for handling bioinformatics file formats. The issue lies in the CRAM decoder and affects HTSlib through 1.21, 1.22, and 1.23. The 'CONST', 'XPACK', and 'XRLE' encodings did not correctly handle records that omit sequence or quality data to save space: decoding such a record attempted to write through a NULL pointer, crashing the program.
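The failure mode described above, reduced to a hypothetical model of a CONST-style codec; this is an added example, not HTSlib's code, and the `const_codec`, `cram_record` and decode functions are assumptions used only to show the missing check beside its hardened form.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of a CONST-style CRAM codec (not HTSlib's code):
 * every symbol in a data series has the same value, so decoding just
 * writes `val` into the caller's buffer `len` times. */
typedef struct { uint8_t val; } const_codec;

/* A record whose sequence (or quality) series was omitted to save space
 * still carries its read length, but no buffer is allocated for it. */
typedef struct {
    uint8_t *seq;   /* NULL when the series is omitted */
    size_t   len;   /* read length; may be non-zero even when seq is NULL */
} cram_record;

/* Raw codec: assumes the caller always provides a writable buffer. */
static void const_decode(const const_codec *c, uint8_t *out, size_t len) {
    memset(out, c->val, len);
}

/* Vulnerable form of the record decoder: hands the record's buffer
 * straight to the codec, so an omitted series becomes a write through
 * NULL and the process crashes. */
int decode_record_unchecked(const const_codec *c, cram_record *r) {
    const_decode(c, r->seq, r->len);
    return 0;
}

/* Hardened form: an omitted series is a legal state, not an error, so it
 * is recognised before the codec ever receives a pointer.
 * Returns the number of symbols written (0 for an omitted series). */
size_t decode_record_checked(const const_codec *c, cram_record *r) {
    if (r->seq == NULL || r->len == 0)
        return 0;
    const_decode(c, r->seq, r->len);
    return r->len;
}

/* Verification helper: 1 if every byte of buf equals val, else 0. */
int buffer_is_constant(const uint8_t *buf, size_t len, uint8_t val) {
    for (size_t i = 0; i < len; i++)
        if (buf[i] != val) return 0;
    return 1;
}
```

A decoder fuzzed with records whose series are omitted will crash in the unchecked form and return 0 symbols in the checked one, which is the behaviour the fixed releases restore.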

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing the program to crash.

Remediation

Users can upgrade to HTSlib versions 1.21.1, 1.22.2, or 1.23.1 to address this vulnerability.

Added: Mar 18, 2026, 8:11 PM
Updated: Mar 18, 2026, 8:11 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 4.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.