Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
AnalysisAI
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allowing an attacker to read memory beyond allocated buffer boundaries by supplying a specially crafted EMF file. Affected versions include Affinity 3.0.1.3808 and potentially other releases in the Affinity product line. Successful exploitation could disclose sensitive information from application memory, though the vulnerability does not enable code execution or denial of service; however, the local attack vector and user interaction requirement (opening a malicious file) limit real-world impact compared to network-exploitable vulnerabilities.
Technical ContextAI
The vulnerability is classified as CWE-125 (Out-of-bounds Read), a memory safety issue arising from improper bounds checking in the EMF file parser within Canva Affinity. EMF is a vector graphics format commonly used in Windows environments for clipboard data and document embedding. The affected product is identified via CPE cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*, indicating the entire Affinity application suite is in scope. The root cause involves the parser failing to validate record length fields or array indices before dereferencing memory, allowing an attacker-controlled EMF file to specify offsets or sizes that exceed allocated heap or stack buffers, leading to information disclosure from adjacent memory regions.
RemediationAI
Immediately update Canva Affinity to the patched version released by Canva; refer to the vendor security advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62 for the specific fixed version and download instructions. Until patching is completed, implement compensating controls: (1) avoid opening EMF files from untrusted sources, particularly those received via email or downloaded from the internet; (2) educate users on the risks of opening unusual or unsolicited EMF files in Affinity; (3) consider restricting Affinity usage to air-gapped or isolated environments if handling untrusted graphic content is unavoidable. No network-level mitigations are applicable given the local-only attack vector, but endpoint detection and response (EDR) tools configured to monitor for unusual memory access patterns or Affinity crashes may provide indirect detection capability.
A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achiev
An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, al
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attacke
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, af
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affe
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality that a
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208797