Skip to main content

Affinity CVE-2025-64776

| EUVDEUVD-2025-208799 MEDIUM
Out-of-bounds Read (CWE-125)
2026-03-17 talos
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Mar 17, 2026 - 20:30 euvd
EUVD-2025-208799
Analysis Generated
Mar 17, 2026 - 20:30 vuln.today
CVE Published
Mar 17, 2026 - 18:52 nvd
MEDIUM 6.1

DescriptionCVE.org

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

AnalysisAI

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attackers to read memory beyond allocated buffer boundaries. The vulnerability affects Affinity version 3.0.1.3808 and potentially other versions in the product line. An attacker can craft a malicious EMF file that, when opened by a user, triggers the out-of-bounds read to disclose sensitive information from process memory, with a CVSS score of 6.1 indicating moderate severity with high confidentiality impact and limited availability impact.

Technical ContextAI

The vulnerability resides in Canva Affinity's EMF (Enhanced Metafile) file parser, a legacy Windows graphics format used for document interchange. EMF is a vector graphics format that stores drawing instructions, and improper bounds checking during parsing of malformed EMF records can lead to reading beyond allocated memory buffers. The root cause is classified as CWE-125 (Out-of-bounds Read), a memory safety issue where the application fails to validate array/buffer indices before accessing memory. The affected product is identified via CPE as cpe:2.3:a:canva:affinity, and the Talos Intelligence report (TALOS-2025-2311) indicates the vulnerability was discovered during security research of the EMF parsing subsystem. This type of vulnerability commonly occurs in file format parsers when record length fields are not properly validated before being used as bounds for memory operations.

RemediationAI

Apply the security patch provided by Canva for Affinity; consult the official advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62 for specific version numbers and availability. Until patching is feasible, implement defensive measures such as disabling EMF file import/opening in Affinity if the feature is not essential, using sandboxed or virtualized instances for processing untrusted EMF files, and educating users to avoid opening EMF files from untrusted sources. Network-based mitigations are limited due to the local attack vector, but restricting file access to trusted repositories and monitoring for suspicious EMF file delivery can reduce exposure. Organizations relying on EMF interchange should prioritize patching and consider alternative vector formats (e.g., PDF, SVG) for cross-platform document sharing.

CVE-2025-66342 HIGH
7.8 Mar 17

A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achiev

CVE-2025-64301 HIGH
7.8 Mar 17

An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution

CVE-2025-62500 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, al

CVE-2025-61979 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity,

CVE-2025-64733 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allow

CVE-2025-66000 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,

CVE-2025-64735 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, af

CVE-2025-66633 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,

CVE-2025-58427 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec

CVE-2025-66617 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec

CVE-2025-47873 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affe

CVE-2025-61952 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality that a

Share

CVE-2025-64776 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy