Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
AnalysisAI
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity, allowing attackers to read memory beyond allocated buffer boundaries through specially crafted EMF files. Affinity version 3.0.1.3808 and potentially earlier versions are affected, with the vulnerability requiring only local access and user interaction (opening a malicious file) to trigger. Successful exploitation enables disclosure of sensitive information from application memory, with potential limited impact on system availability; no active exploitation or public proof-of-concept has been confirmed at this time based on available intelligence sources.
Technical ContextAI
The vulnerability resides in Canva Affinity's EMF (Enhanced Metafile) file parsing subsystem, which handles a Windows-specific vector graphics format. EMF processing involves deserializing binary structures and reading metadata records from the file format. The root cause is classified under CWE-125 (Out-of-Bounds Read), indicating inadequate bounds checking when parsing EMF record structures or parameters. The affected product is identified via CPE (cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*), confirming the issue spans Canva's Affinity design application suite. When processing a maliciously crafted EMF file, the parser fails to validate that read operations remain within the bounds of allocated buffers, enabling an attacker-controlled file to trigger reads from unintended memory regions.
RemediationAI
Upgrade Canva Affinity to the patched version released by Canva (specific version number and availability should be confirmed via the official Canva security advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62). Until patches are available or deployed, restrict the opening of EMF files from untrusted sources, disable EMF import functionality if not required, and educate users to avoid opening suspicious files. Organizations should monitor the Talos Intelligence report (https://talosintelligence.com/vulnerability_reports/TALOS-2025-2319) and official Canva channels for patch release announcements and apply updates immediately upon availability.
A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achiev
An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, al
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allow
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attacke
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, af
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affe
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208802