GDCM versions 2.6.0 and 2.6.1 suffer from an out-of-bounds read due to missing checks. The vulnerability occurs during the decoding of JPEG-LS images when the dimensions of the embedded JPEG-LS image (as specified in the JPEG headers) are smaller than the ones of the selected region (set by gdcm::ImageRegionReader::SetRegion and usually based on DICOM header values).
9fe160664c3de2590fc55b8d5d31baa051f09a4bfdb6a7eea28c5c6a6e20f826