Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution.
AnalysisAI
An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution by crafting malicious EMF (Enhanced Metafile) image files. The vulnerability affects Affinity version 3.0.1.3808 and requires user interaction to open the malicious file, but then grants full system compromise with high impact to confidentiality, integrity, and availability. No evidence of active exploitation or public proof-of-concept exists, and the local attack vector with user interaction requirement reduces immediate risk.
Technical ContextAI
The vulnerability resides in Canva Affinity's EMF (Enhanced Metafile) file format parser, specifically affecting the product identified by CPE cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*. EMF is a Windows-based vector graphics format commonly used for printing and document embedding. The root cause is CWE-787 (Out-of-bounds Write), a memory corruption class where the application writes data beyond allocated buffer boundaries during EMF file parsing. This type of vulnerability typically occurs when file format parsers fail to properly validate input data sizes or field lengths, allowing attackers to overwrite adjacent memory regions with controlled data.
RemediationAI
Update Canva Affinity to the latest version beyond 3.0.1.3808 as recommended in the vendor advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62. Until patching is complete, implement user awareness training to avoid opening EMF files from untrusted sources, consider blocking EMF file types at email gateways and web proxies, and enable application sandboxing or virtualization for high-risk users who must process external graphics files. Full technical details are available in the Talos report at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2310.
A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achiev
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, al
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allow
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attacke
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, af
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affe
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality that a
Same weakness CWE-787 – Out-of-bounds Write
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208795