Description
Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the underlying system.
Published: 2026-06-02
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out-of-bounds write in the .gdt file parser of Dräger CC-Vision Basic and CC-Vision E-Cal can overflow a buffer. A crafted file can crash the application or execute arbitrary code on the host. The flaw carries a CVSS score of 8.3, indicating high severity and the potential for code execution; both published vectors rate the attack vector as local (AV:L) with user interaction required.

Affected Systems

Dräger CC-Vision Basic versions prior to 7.5.3 and Dräger CC-Vision E-Cal versions prior to 7.2.5.0 are vulnerable. These medical imaging products are used in clinical settings, so any device running an affected version falls under the impact scope.

Risk and Exploitability

The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, but the high CVSS score and lack of defensive mitigations suggest a considerable risk. The attack vector likely involves supplying a malicious .gdt file to the vulnerable application, which could be achieved remotely if the system accepts files from a network share or locally by an attacker with file‑system access. No immediate official workaround was published, so the principal mitigation is upgrading to a fixed release. Without an upgrade, the flaw could allow an attacker to compromise device integrity and availability.

Generated by OpenCVE AI on June 3, 2026 at 03:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dräger CC-Vision Basic to version 7.5.3 or later.
  • Upgrade Dräger CC-Vision E-Cal to version 7.2.5.0 or later.
  • Restrict the application from loading .gdt files from untrusted sources by adjusting file permissions or disabling file upload features.
  • Enable operating‑system hardening such as DEP and ASLR to limit the impact of any remaining buffer overflow.
  • Monitor system logs for abnormal crashes or unauthorized process execution.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Values added (no values removed):

Description: Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the underlying system.
Title: Dräger CC-Vision Basic and CC-Vision E-Cal Out-of-Bounds Write via Malicious GDT File
Weaknesses: CWE-787
References:
Metrics:
  cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H'}
  cvssV4_0: {'score': 8.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-02T19:17:28.316Z

Reserved: 2026-06-02T19:14:41.744Z

Link: CVE-2021-4478

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-02T20:16:28.197

Modified: 2026-06-02T20:16:28.197

Link: CVE-2021-4478

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T03:30:06Z