Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
AnalysisAI
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity, allowing an attacker to read memory beyond allocated buffer boundaries by crafting a malicious EMF file. This vulnerability affects Canva Affinity version 3.0.1.3808 and potentially earlier versions, and requires user interaction (opening a specially crafted file) but no elevated privileges to exploit. Successful exploitation can disclose sensitive information from process memory, with potential for limited availability impact; no public exploit code or active exploitation in the wild has been confirmed based on available intelligence.
Technical ContextAI
The vulnerability resides in Canva Affinity's EMF (Enhanced Metafile) file parser, a graphics format commonly used in Windows environments for vector graphics and document rendering. The root cause is classified under CWE-125 (Out-of-bounds Read), a memory safety defect where the parser fails to properly validate buffer boundaries when reading EMF record structures or metadata. When a malformed EMF file is processed, the parser attempts to read beyond the allocated memory region assigned to store EMF data, potentially exposing adjacent heap or stack memory containing sensitive information such as encryption keys, API tokens, or other process state. The affected product is specifically Canva Affinity (CPE: cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*), a design and productivity application that handles multiple file formats including EMF for compatibility with Microsoft Office and other tools.
RemediationAI
The primary remediation is to upgrade Canva Affinity to a patched version released by Canva following coordination with Talos Intelligence; users should immediately check the Canva security advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62 for available patches and apply them without delay. Until a patch is available or deployed, implement preventive controls by disabling EMF file import functionality if operationally feasible, educating users not to open EMF files from untrusted sources, and enforcing file type restrictions at the application level. Additionally, isolate systems running vulnerable Affinity versions from high-sensitivity networks and monitor process memory for signs of unauthorized access or data exfiltration through endpoint detection and response (EDR) tools if data classification warrants such monitoring.
A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achiev
An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, al
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allow
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attacke
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, af
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affe
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality that a
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208789