malaterre CVE Vulnerabilities & Metrics

Focus on malaterre vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About malaterre Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with malaterre. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total malaterre CVEs: 9
Earliest CVE date: 12 Jan 2016, 20:59 UTC
Latest CVE date: 16 Dec 2025, 22:15 UTC

Latest CVE reference: CVE-2025-53619

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 4

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 33.33%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 33.33%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical malaterre CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.82

Max CVSS: 10.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	7
4.0-6.9	1
7.0-8.9	0
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS malaterre CVEs

These are the five CVEs with the highest CVSS scores for malaterre, sorted by severity first and recency.

CVE-2015-8396 malaterre Published on 12 Jan 2016, 20:59 UTC (CVSS: 10.0)
Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.
CVE-2015-8397 malaterre Published on 12 Jan 2016, 20:59 UTC (CVSS: 6.4)
The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image ...
CVE-2025-53619 malaterre Published on 16 Dec 2025, 22:15 UTC (CVSS: 0)
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `null_convert` is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data
CVE-2025-53618 malaterre Published on 16 Dec 2025, 22:15 UTC (CVSS: 0)
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `grayscale_convert` is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data
CVE-2025-52582 malaterre Published on 16 Dec 2025, 22:15 UTC (CVSS: 0)
An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

All CVEs for malaterre

CVE-2025-53619 malaterre vulnerability CVSS: 0 16 Dec 2025, 22:15 UTC

An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `null_convert` is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data

CVE-2025-53618 malaterre vulnerability CVSS: 0 16 Dec 2025, 22:15 UTC

An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `grayscale_convert` is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data

CVE-2025-52582 malaterre vulnerability CVSS: 0 16 Dec 2025, 22:15 UTC

An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2025-48429 malaterre vulnerability CVSS: 0 16 Dec 2025, 22:15 UTC

An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to leaking heap data. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2024-25569 malaterre vulnerability CVSS: 0 25 Apr 2024, 15:16 UTC

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2024-22391 malaterre vulnerability CVSS: 0 25 Apr 2024, 15:16 UTC

A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2024-22373 malaterre vulnerability CVSS: 0 25 Apr 2024, 15:16 UTC

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2015-8397 malaterre vulnerability CVSS: 6.4 12 Jan 2016, 20:59 UTC

The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read.

CVE-2015-8396 malaterre vulnerability CVSS: 10.0 12 Jan 2016, 20:59 UTC

Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.