SAMtools NULL Pointer Dereference Vulnerability in CRAM Compression Handling

Vulnerability

A NULL pointer dereference vulnerability has been identified in SAMtools versions 1.17 through 1.21, as well as 1.22, 1.22.1, and 1.23. It affects the 'cram-size' command, which reports on CRAM file compression efficiency. The command omitted a necessary check on the outcome of 'cram_decode_compression_header()': when that function fails, the code that follows dereferences a NULL pointer and the program crashes.
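The missing check described above, shown as a stand-alone C example added here (it is not SAMtools or htslib code): the header layout, the 'mock_' decoder and caller names are hypothetical mocks, and the only point is the pattern of testing the decoder's result before using it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a decoded CRAM compression header; NOT htslib's
 * cram_block_compression_hdr, just the one field this example needs. */
typedef struct {
    int32_t num_records;
} mock_comp_hdr;

/* Mock decoder for a constructed block layout: magic "CH" then a little-endian
 * int32 record count. Mirroring the failure mode the advisory describes, it
 * returns NULL for anything malformed (no buffer, short block, bad magic, n < 0). */
static mock_comp_hdr *mock_decode_compression_header(const uint8_t *buf, size_t len) {
    if (!buf || len < 6 || buf[0] != 'C' || buf[1] != 'H')
        return NULL;
    int32_t n = (int32_t)((uint32_t)buf[2] | (uint32_t)buf[3] << 8 |
                          (uint32_t)buf[4] << 16 | (uint32_t)buf[5] << 24);
    if (n < 0)
        return NULL;
    mock_comp_hdr *h = malloc(sizeof *h);
    if (!h)
        return NULL;
    h->num_records = n;
    return h;
}

/* Hardened caller (the pattern the fix restores): test the decoder's result before
 * touching it; returns the record count, or -1 on decode failure. Without that
 * test, reading h->num_records through a NULL h is the crash the advisory describes. */
static int32_t mock_cram_size_records(const uint8_t *buf, size_t len) {
    mock_comp_hdr *h = mock_decode_compression_header(buf, len);
    if (!h) {
        fprintf(stderr, "cram-size: failed to decode compression header\n");
        return -1;
    }
    int32_t n = h->num_records;
    free(h);
    return n;
}

int main(void) {
    /* Constructed inputs: a well-formed header with 16 records, and a truncated one. */
    const uint8_t good[6] = {'C', 'H', 0x10, 0, 0, 0};
    const uint8_t bad[3] = {'C', 'H', 0x10};
    printf("good: %d records\n", mock_cram_size_records(good, sizeof good));
    printf("bad: %d (decode error handled, no crash)\n", mock_cram_size_records(bad, sizeof bad));
    return 0;
}
```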

Impact

Triggering this vulnerability causes a NULL pointer dereference that crashes the 'cram-size' process; the impact is a crash (denial of service) of that command.

Remediation

Users can upgrade to SAMtools versions 1.21.1, 1.22.2, or 1.23.1 to address this vulnerability.

Added: Mar 18, 2026, 9:25 PM
Updated: Mar 18, 2026, 9:25 PM

Vulnerability Rating

Custom Algorithm
Category        Score
spread          0.0
impact          0.6
exploitability  6.9
remediation     0.0
relevance       4.1
threat          3.2
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.