CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Description
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Analysis
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affecting Affinity version 3.0.1.3808 and potentially other versions. An attacker can craft a malicious EMF file that, when opened by a user in Affinity, triggers an out-of-bounds memory read, potentially disclosing sensitive information from process memory. With a CVSS score of 6.1 and a local attack vector requiring user interaction, this vulnerability poses a moderate risk of information disclosure with minimal availability impact.
Technical Context
The vulnerability resides in Canva Affinity's EMF (Enhanced Metafile) file parsing logic, which is responsible for interpreting Windows-based vector graphics files. EMF is a legacy Microsoft graphics format that contains sequences of graphics device interface (GDI) commands. The root cause is classified under CWE-125 (Out-of-bounds Read), indicating that the EMF parser fails to properly validate buffer boundaries when processing EMF record structures or embedded data. When a crafted EMF file with malformed record headers or oversized data fields is processed, the parser reads beyond allocated memory buffers, exposing adjacent heap or stack memory. The affected product is identified via CPE cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*, which names Canva's Affinity design suite with the version field left as a wildcard.
Affected Products
Canva Affinity version 3.0.1.3808 is explicitly confirmed as vulnerable according to EUVD-2025-208785. The CPE pattern cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:* indicates that the vulnerability potentially affects multiple versions of Canva Affinity, though the precise version range prior to patching is not fully enumerated in the available data. Users should consult the vendor security advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62 and the Talos Intelligence report at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2314 for definitive version boundaries and patch availability.
Remediation
Immediately upgrade Canva Affinity to the patched version referenced in the Canva trust advisory (https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62). Until patching is complete, users should avoid opening EMF files from untrusted sources and consider disabling EMF import functionality if not essential to workflow. System administrators should restrict file uploads and enforce content scanning for EMF files in shared repositories. Endpoint detection and response (EDR) tools should be configured to alert on abnormal memory access patterns in Affinity processes. As a compensating control, restrict Affinity execution to isolated user contexts to limit the sensitivity of disclosed information.
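For the content-scanning step, the following is an added example (not code from this page, Canva, or Talos) of a pre-open structural check that walks an EMF record chain and flags record sizes that disagree with the file's real length. It tests generic consistency of the public EMF record layout only, since the page does not identify which record triggers the bug, so a clean result does not prove a file is safe; `check_emf` and `build_sample` are hypothetical names and the sample file is constructed.

```python
import struct

EMR_HEADER, EMR_EOF = 1, 14
EMF_SIGNATURE = 0x464D4520   # " EMF", stored at offset 40 of the header record
MIN_HEADER_SIZE = 88         # smallest valid EMR_HEADER record

def check_emf(data: bytes) -> list:
    """Walk the record chain; return structural problems (empty list = consistent)."""
    if len(data) < MIN_HEADER_SIZE:
        return ["file shorter than the minimum EMF header"]
    rtype, rsize = struct.unpack_from("<II", data, 0)
    signature, _ver, n_bytes, n_records = struct.unpack_from("<IIII", data, 40)
    if rtype != EMR_HEADER or signature != EMF_SIGNATURE:
        return ["not an EMF file (bad header type or signature)"]
    if rsize < MIN_HEADER_SIZE:
        return [f"header record size {rsize} is below {MIN_HEADER_SIZE}"]
    problems = []
    if n_bytes != len(data):
        problems.append(f"header nBytes={n_bytes}, file is {len(data)} bytes")
    offset = count = 0
    rtype = None
    while offset < len(data) and rtype != EMR_EOF:
        remaining = len(data) - offset
        if remaining < 8:                      # no room for Type + Size fields
            return problems + [f"offset {offset}: truncated record header"]
        rtype, rsize = struct.unpack_from("<II", data, offset)
        if rsize < 8 or rsize % 4:             # sizes are 4-byte aligned, >= 8
            return problems + [f"offset {offset}: invalid record size {rsize}"]
        if rsize > remaining:                  # declared size runs off the file
            return problems + [f"offset {offset}: record size {rsize} "
                               f"exceeds the {remaining} bytes left"]
        offset, count = offset + rsize, count + 1
    if rtype != EMR_EOF:
        problems.append("record chain ends without EMR_EOF")
    elif offset != len(data):
        problems.append(f"{len(data) - offset} bytes after EMR_EOF")
    if count != n_records:
        problems.append(f"header nRecords={n_records}, walked {count}")
    return problems

def build_sample(eof_record_size: int = 20) -> bytes:
    """Constructed two-record EMF (header + EMR_EOF); not a real-world file."""
    eof = struct.pack("<IIIII", EMR_EOF, eof_record_size, 0, 0, 20)
    header = struct.pack("<II", EMR_HEADER, MIN_HEADER_SIZE) + bytes(32)
    header += struct.pack("<IIII", EMF_SIGNATURE, 0x10000, MIN_HEADER_SIZE + len(eof), 2)
    return header + bytes(MIN_HEADER_SIZE - len(header)) + eof
```

Files that return a non-empty list can be quarantined before they reach a workstation running an unpatched Affinity build.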
EUVD-2025-208785