"GDCM versions 2.6.0 and 2.6.1 (and possibly previous versions) are prone to an out-of-bounds read vulnerability due to missing checks"
May not apply to the version currently in ports; however, there's Bug 203479, which brings the port up to date.
http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/
CVE-2015-8397, CVE-2015-8396 http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/
A commit references this bug:
Author: junovitch
Date: Mon Feb 1 02:42:40 UTC 2016
New revision: 407678
URL: https://svnweb.freebsd.org/changeset/ports/407678
Log:
  Document multiple vulnerabilities in gdcm
  PR: 206590
  Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
  Security: CVE-2015-8396
  Security: CVE-2015-8397
  Security: https://vuxml.FreeBSD.org/freebsd/e00d8b94-c88a-11e5-b5fe-002590263bf5.html
Changes:
  head/security/vuxml/vuln.xml
Marked closed/fixed. Setting merge-quarterly- as VuXML MFH doesn't apply and all the original effort in bug 203479 covers the actual fix.