Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
AnalysisAI
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, allowing attackers to read memory beyond allocated buffer boundaries. Affinity version 3.0.1.3808 and potentially earlier versions are affected. By crafting a malicious EMF file, an unauthenticated attacker with local file system access can trigger the vulnerability through user interaction (opening the file), potentially disclosing sensitive information such as API keys, credentials, or other data resident in adjacent memory regions. The vulnerability has a CVSS score of 6.1 indicating medium severity with high confidentiality impact but limited integrity and availability consequences.
Technical ContextAI
The vulnerability resides in Canva Affinity's EMF (Enhanced Metafile) file parser, a Microsoft vector graphics format commonly used in Windows environments. EMF files contain structured records that describe graphical operations; the parser fails to properly validate buffer boundaries when processing these records, resulting in an out-of-bounds read condition classified under CWE-125 (Out-of-bounds Read). The affected product is identified via CPE cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*, indicating all versions of Canva Affinity may be vulnerable. The root cause is improper input validation during EMF record deserialization; insufficient bounds checking allows reading of memory locations beyond the intended buffer allocation, a classic memory safety issue common in C/C++ implementations of file format parsers.
RemediationAI
Upgrade Canva Affinity to the latest patched version released by Canva following the security advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62. Until patching is completed, implement compensating controls including restricting use of Affinity to trusted, internally-sourced design files only and avoiding opening EMF files from untrusted origins or third-party sources. Additionally, run Affinity with least-privilege user accounts and utilize operating system-level sandboxing or application whitelisting to limit the impact of potential memory disclosure. Monitor the Talos Intelligence report and NVD entry at https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2298 and https://nvd.nist.gov/vuln/detail/CVE-2025-62500 for patch availability timelines and additional technical details.
A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achiev
An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allow
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attacke
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, af
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affe
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality that a
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208793