VYPR
← All advisories
High severity8.2NVD Advisory· Published Jun 2, 2026

CVE-2021-4478

CVE-2021-4478

Description

Dräger CC-Vision Basic and E-Cal are vulnerable to out-of-bounds writes via crafted .gdt files, potentially leading to crashes or code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dräger CC-Vision Basic and E-Cal are vulnerable to out-of-bounds writes via crafted .gdt files, potentially leading to crashes or code execution.

Vulnerability

Dräger CC-Vision Basic versions prior to 7.5.3 and Dräger CC-Vision E-Cal versions prior to 7.2.5.0 contain an out-of-bounds write vulnerability. This vulnerability occurs when the application parses specially crafted .gdt files, leading to a buffer overflow.

Exploitation

An attacker can exploit this vulnerability by providing a malicious .gdt file to the vulnerable application. The exact conditions for triggering the vulnerable code path, such as whether user interaction or specific file access permissions are required, are not detailed in the available references.

Impact

Successful exploitation of this vulnerability can lead to a denial-of-service condition by crashing the application. Additionally, it may allow an attacker to execute arbitrary malicious code on the underlying system, potentially compromising its integrity and confidentiality.

Mitigation

Dräger CC-Vision Basic versions 7.5.3 and later, and Dräger CC-Vision E-Cal versions 7.2.5.0 and later, are not affected by this vulnerability. Users are advised to update to these fixed versions. Information regarding specific patch release dates or workarounds is not yet disclosed in the available references. [1]

References
  1. Dräger Security | Coordinated Disclosure Statement

AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.