EUVD-2026-12932

🗓️ 18 Mar 2026 18:27:26Reported by EUVDType

HTSlib CRAM fix for NULL pointer dereference when data is omitted in encodings; fixed in 1.23.1, 1.22.2, 1.21.1.

Reporter	Title	Published	Views	Family All 25
ATTACKERKB	CVE-2026-31964	18 Mar 202618:27	–	attackerkb
Circl	CVE-2026-31964	19 Mar 202622:00	–	circl
CNNVD	HTSlib 代码问题漏洞	18 Mar 202600:00	–	cnnvd
CVE	CVE-2026-31964	18 Mar 202618:27	–	cve
Cvelist	CVE-2026-31964 HTSlib CRAM decoder has a NULL Pointer Dereference	18 Mar 202618:27	–	cvelist
Debian CVE	CVE-2026-31964	18 Mar 202618:27	–	debiancve
Fedora	[SECURITY] Fedora 43 Update: samtools-1.23.1-1.fc43	28 Mar 202600:46	–	fedora
Fedora	[SECURITY] Fedora 42 Update: bcftools-1.23.1-1.fc42	28 Mar 202601:07	–	fedora
Fedora	[SECURITY] Fedora 43 Update: bcftools-1.23.1-1.fc43	28 Mar 202600:46	–	fedora
Fedora	[SECURITY] Fedora 42 Update: htslib-1.23.1-1.fc42	28 Mar 202601:07	–	fedora

[
  {
    "enisaIdVendor": [
      {
        "id": "30fd49f0-28f8-3960-9c16-2c14a9f6948a",
        "vendor": {
          "name": "samtools"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "091e53ea-9be6-3cd2-8173-4184c6486134",
        "product": {
          "name": "htslib"
        },
        "product_version": "1.22, < 1.22.2"
      },
      {
        "id": "21fc9e6b-a679-36fe-983b-9cf026edcd81",
        "product": {
          "name": "htslib"
        },
        "product_version": "= 1.23"
      },
      {
        "id": "9676fddb-3e35-31bd-ac06-1afee9d7e580",
        "product": {
          "name": "htslib"
        },
        "product_version": "< 1.21.1"
      }
    ]
  }
]

Source	Link
github	www.github.com/samtools/htslib/security/advisories/GHSA-5w97-85gf-86rm
github	www.github.com/samtools/htslib/commit/e64e68da567d2309509d059ace016d5d7fc7514f

18 Mar 2026 18:46Current

5.8Medium risk

Vulners AI Score5.8

CVSS 46.9

EPSS0.00063

SSVC