diff -Nur dcmtk-for-dcmjp2k-3.6.3-unix/dcmnet/libsrc/dulparse.cc dcmtk-for-dcmjp2k-3.6.3-unix.patched/dcmnet/libsrc/dulparse.cc
--- dcmtk-for-dcmjp2k-3.6.3-unix/dcmnet/libsrc/dulparse.cc 2018-02-05 18:58:13.000000000 +0100
+++ dcmtk-for-dcmjp2k-3.6.3-unix.patched/dcmnet/libsrc/dulparse.cc 2018-08-23 08:17:11.551074781 +0200
@@ -223,7 +223,8 @@
 if (cond.good()) { buf += itemLength;
- pduLength -= itemLength;
+ if (!OFStandard::safeSubtract(pduLength, itemLength, pduLength))
+ return makeUnderflowError("Application Context item", pduLength, itemLength);
 DCMNET_TRACE("Successfully parsed Application Context"); } break;
@@ -235,7 +236,8 @@
 cond = parsePresentationContext(type, context, buf, &itemLength, pduLength); if (cond.bad()) return cond; buf += itemLength;
- pduLength -= itemLength;
+ if (!OFStandard::safeSubtract(pduLength, itemLength, pduLength))
+ return makeUnderflowError("Presentation Context item", pduLength, itemLength);
 LST_Enqueue(&assoc->presentationContextList, (LST_NODE*)context); DCMNET_TRACE("Successfully parsed Presentation Context"); break;
@@ -246,7 +248,8 @@
 if (cond.bad()) return cond; buf += itemLength;
- pduLength -= itemLength;
+ if (!OFStandard::safeSubtract(pduLength, itemLength, pduLength))
+ return makeUnderflowError("User Information item", pduLength, itemLength);
 DCMNET_TRACE("Successfully parsed User Information"); break; default:
@@ -396,7 +399,8 @@
 return cond; buf += length;
- presentationLength -= length;
+ if (!OFStandard::safeSubtract(presentationLength, length, presentationLength))
+ return makeUnderflowError("Abstract Syntax", presentationLength, length);
 DCMNET_TRACE("Successfully parsed Abstract Syntax"); break; case DUL_TYPETRANSFERSYNTAX:
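Review bot: In the Presentation Context hunk (@@ -235) the new underflow return sits before `LST_Enqueue(&assoc->presentationContextList, (LST_NODE*)context);`, so on that path `context` is neither enqueued nor released. The allocation is outside the hunk, but if `context` is heap-allocated per item, as the enqueue suggests, every association rejected here leaks one item, which matters in a parser that handles data from the network peer. The Transfer Syntax and SCP/SCU Role hunks enqueue before their length check; doing the same here works only if the caller tears the list down on error, otherwise release `context` before the return. The existing `if (cond.bad()) return cond;` just above appears to have the same gap and could be handled in the same change.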
@@ -406,7 +410,8 @@
 if (cond.bad()) return cond; LST_Enqueue(&context->transferSyntaxList, (LST_NODE*)subItem); buf += length;
- presentationLength -= length;
+ if (!OFStandard::safeSubtract(presentationLength, length, presentationLength))
+ return makeUnderflowError("Transfer Syntax", presentationLength, length);
 DCMNET_TRACE("Successfully parsed Transfer Syntax"); break; default:
@@ -495,7 +500,8 @@
 if (cond.bad()) return cond; buf += length;
- userLength -= (unsigned short) length;
+ if (!OFStandard::safeSubtract(userLength, OFstatic_cast(short unsigned int, length), userLength))
+ return makeLengthError("maximum length sub-item", userLength, length);
 DCMNET_TRACE("Successfully parsed Maximum PDU Length"); break; case DUL_TYPEIMPLEMENTATIONCLASSUID:
@@ -504,7 +510,8 @@
 if (cond.bad()) return cond; buf += length;
- userLength -= (unsigned short) length;
+ if (!OFStandard::safeSubtract(userLength, OFstatic_cast(short unsigned int, length), userLength))
+ return makeLengthError("Implementation Class UID sub-item", userLength, length);
 break; case DUL_TYPEASYNCOPERATIONS:
@@ -520,14 +527,16 @@
 if (cond.bad()) return cond; LST_Enqueue(&userInfo->SCUSCPRoleList, (LST_NODE*)role); buf += length;
- userLength -= (unsigned short) length;
+ if (!OFStandard::safeSubtract(userLength, OFstatic_cast(short unsigned int, length), userLength))
+ return makeLengthError("SCP/SCU Role Selection sub-item", userLength, length);
 break; case DUL_TYPEIMPLEMENTATIONVERSIONNAME: cond = parseSubItem(&userInfo->implementationVersionName, buf, &length, userLength); if (cond.bad()) return cond; buf += length;
- userLength -= (unsigned short) length;
+ if (!OFStandard::safeSubtract(userLength, OFstatic_cast(short unsigned int, length), userLength))
+ return makeLengthError("Implementation Version Name structure", userLength, length);
 break; case DUL_TYPESOPCLASSEXTENDEDNEGOTIATION:
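Review bot: `OFstatic_cast(short unsigned int, length)` narrows `length` before `safeSubtract` sees it, so the check in the Maximum PDU Length hunk (@@ -495), and the same pattern in the @@ -504, @@ -520, @@ -543 and @@ -561 hunks, is made on the truncated value while `buf += length` has already advanced by the full one. `length` is declared outside the hunk; if it is wider than 16 bits, a value above 65535 would be reduced by the cast and could pass the check unless the sub-item parsers already bound it by `userLength`. Comparing the untruncated value first closes that gap: `if (length > userLength) return makeLengthError("maximum length sub-item", userLength, length);`, then subtract. If the parsers do guarantee the bound, a one-line comment above the cast stating that invariant would be enough.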
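Review bot: The Implementation Class UID hunk (@@ -504), like the other user-information hunks, reports the failed subtraction with `makeLengthError`, while the PDU-level and presentation-level hunks report the same condition with `makeUnderflowError`. Both helpers are defined outside the diff, so this may be deliberate, but if they are not meant to distinguish the two levels, using one helper at every call site keeps the resulting log messages uniform for whoever triages rejected associations. The labels passed in also vary in form (`"maximum length sub-item"` in lower case, `"Implementation Version Name structure"` against `"... sub-item"` elsewhere) and could be normalised in the same pass.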
@@ -543,7 +552,8 @@
 } userInfo->extNegList->push_back(extNeg); buf += length;
- userLength -= (unsigned short) length;
+ if (!OFStandard::safeSubtract(userLength, OFstatic_cast(short unsigned int, length), userLength))
+ return makeLengthError("SOP Class Extended Negotiation sub-item", userLength, length);
 break; case DUL_TYPENEGOTIATIONOFUSERIDENTITY_REQ:
@@ -561,7 +571,8 @@
 } userInfo->usrIdent = usrIdent; buf += length;
- userLength -= (unsigned short) length;
+ if (!OFStandard::safeSubtract(userLength, OFstatic_cast(short unsigned int, length), userLength))
+ return makeLengthError("User Identity sub-item", userLength, length);
 break; default: // we hit an unknown user item that is not defined in the standard