CVE-2026-31973
SAMtools includes a NULL pointer dereference in the cram-size path of CRAM header handling: if cram_decode_compression_header() returns an error, a NULL pointer dereference may occur, crashing the program. This affects 1.17+ before fixes. The available connected advisories confirm fixes in versio...