"GDCM versions 2.6.0 and 2.6.1 (and possibly previous versions) are prone to an out-of-bounds read vulnerability due to missing checks" May not apply to the version currently in ports, however, there's Bug 203479 which brings the port up to date.
A commit references this bug:
Date: Mon Feb 1 02:42:40 UTC 2016
New revision: 407678
Document multiple vulnerabilities in gdcm
Reported by: Sevan Janiyan <firstname.lastname@example.org>
Marked closed/fixed. Setting merge-quarterly- as VuXML MFH doesn't apply and all the original effort in bug 203479 cover the actual fix.