UBUNTU-CVE-2026-31973

Source
https://ubuntu.com/security/CVE-2026-31973
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31973.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-31973
Upstream
Published
2026-03-18T21:16:00Z
Modified
2026-05-20T16:25:19.555833007Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Ubuntu - medium
Summary
[none]
Details

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, the cram-size command, which writes information about how well CRAM files are compressed, was missing a check for failure of cram_decode_compression_header(). If the function returned an error, this could lead to a NULL pointer dereference, which typically causes the program to crash. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue.

References

Affected packages

Ubuntu:14.04:LTS
samtools

Package

Name
samtools
Purl
pkg:deb/ubuntu/samtools?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*
0.1.19-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "samtools",
            "binary_version": "0.1.19-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31973.json"
Ubuntu:16.04:LTS
samtools

Package

Name
samtools
Purl
pkg:deb/ubuntu/samtools?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*
0.1.19-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "samtools",
            "binary_version": "0.1.19-1ubuntu1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31973.json"
Ubuntu:18.04:LTS
samtools

Package

Name
samtools
Purl
pkg:deb/ubuntu/samtools?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*
1.4.1-1build1
1.5-1build1
1.6-3ubuntu1
1.6-4
1.7-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "samtools",
            "binary_version": "1.7-1"
        },
        {
            "binary_name": "samtools-test",
            "binary_version": "1.7-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31973.json"
Ubuntu:20.04:LTS
samtools

Package

Name
samtools
Purl
pkg:deb/ubuntu/samtools?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*
1.9-4
1.9-5
1.9-6
1.9-7
1.10-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "samtools",
            "binary_version": "1.10-3"
        },
        {
            "binary_name": "samtools-test",
            "binary_version": "1.10-3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31973.json"
Ubuntu:22.04:LTS
samtools

Package

Name
samtools
Purl
pkg:deb/ubuntu/samtools?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*
1.13-2
1.13-4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "samtools",
            "binary_version": "1.13-4"
        },
        {
            "binary_name": "samtools-test",
            "binary_version": "1.13-4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31973.json"
Ubuntu:24.04:LTS
samtools

Package

Name
samtools
Purl
pkg:deb/ubuntu/samtools?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*
1.17-1
1.18-1
1.19-1
1.19.2-1
1.19.2-1build1
1.19.2-1build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "samtools",
            "binary_version": "1.19.2-1build2"
        },
        {
            "binary_name": "samtools-test",
            "binary_version": "1.19.2-1build2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31973.json"
Ubuntu:25.10
samtools

Package

Name
samtools
Purl
pkg:deb/ubuntu/samtools?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*
1.21-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "samtools",
            "binary_version": "1.21-1"
        },
        {
            "binary_name": "samtools-test",
            "binary_version": "1.21-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31973.json"
Ubuntu:26.04:LTS
samtools

Package

Name
samtools
Purl
pkg:deb/ubuntu/samtools?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*
1.21-1
1.22.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "samtools",
            "binary_version": "1.22.1-1"
        },
        {
            "binary_name": "samtools-test",
            "binary_version": "1.22.1-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-31973.json"