Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
AnalysisAI
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, affecting Affinity 3.0.1.3808 and potentially other versions. An attacker can craft a malicious EMF file that, when opened by a user in Affinity, triggers an out-of-bounds memory read, allowing disclosure of sensitive information from adjacent memory regions. While the CVSS score of 6.1 indicates moderate severity with high confidentiality impact, actual exploitation requires user interaction (opening a file) and is limited to information disclosure without code execution capability.
Technical ContextAI
The vulnerability resides in Canva Affinity's EMF file parser, a component responsible for reading and rendering Windows Enhanced Metafile format documents. EMF is a vector graphics format commonly used in Windows environments that contains structured records defining drawing commands. The root cause is classified under CWE-125 (Out-of-bounds Read), indicating insufficient bounds checking when parsing EMF record structures or bitmap data embedded within EMF files. The affected product is identified via CPE (cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*), confirming this affects the Canva Affinity application suite. When the parser processes a specially crafted EMF file with malformed record headers or oversized data sections, it fails to validate memory access boundaries, allowing reads beyond allocated buffer limits and exposing heap or stack memory contents.
RemediationAI
Immediately upgrade Canva Affinity to the patched version specified in the vendor advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62. Check the Talos report (https://talosintelligence.com/vulnerability_reports/TALOS-2025-2312) for the exact patched version number. Until patching is completed, implement administrative controls by disabling EMF file handling if possible, or restrict user ability to open EMF files from untrusted sources (external emails, downloads, web applications). Educate users to avoid opening EMF files from unverified senders. For enterprise deployments, monitor application logs for EMF file processing errors that may indicate exploitation attempts. Consider file-type restrictions or sandboxing of Affinity for users who handle files from high-risk sources.
A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achiev
An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, al
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allow
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attacke
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affe
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality that a
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208798