CVE-2025-66503

EUVD-2025-208804 | MEDIUM 6.1 (CVSS 3.1) | 2026-03-17 | talos

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: Low

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:30 (vuln.today)
EUVD ID Assigned: Mar 17, 2026 - 20:30 (euvd), EUVD-2025-208804
CVE Published: Mar 17, 2026 - 18:52 (nvd), MEDIUM 6.1

Description

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Analysis

An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity, allowing attackers to read memory beyond allocated buffer boundaries by crafting malicious EMF files. Affinity version 3.0.1.3808 and potentially earlier versions are affected. An attacker with local access can exploit this vulnerability through user interaction (opening a crafted EMF file) to disclose sensitive information from process memory, with potential for denial of service through application crashes.

Technical Context

The vulnerability resides in the Enhanced Metafile (EMF) handling subsystem of Canva Affinity (cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*). EMF is a vector graphics file format commonly used in Windows environments. The root cause is classified as CWE-125 (Out-of-bounds Read), indicating that the EMF parser fails to properly validate buffer boundaries before reading data structures embedded in EMF file headers or records. This allows an attacker-controlled EMF file to cause the application to read memory locations outside the intended buffer, exposing adjacent heap or stack data. The vulnerability was identified and reported by Cisco Talos Intelligence, suggesting it was discovered through fuzzing or directed security analysis of the EMF parsing code path.
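The class of check described above, as an added example that is not code from Canva, Talos, or this page: a bounds-checked walk over EMF records that can also pre-screen untrusted files. The page does not say which record or field is affected, so this covers only the generic record framing; the offsets and constants follow the public EMF format specification, and `emf_check` and `emf_demo` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

#define EMR_HEADER 1u
#define EMR_EOF 14u
#define EMF_SIGNATURE 0x464D4520u /* " EMF", at header offset 40 */
#define EMF_MIN_HEADER 88u        /* smallest valid EMR_HEADER record */

/* Read a little-endian u32; the caller has already proved off + 4 <= len. */
static uint32_t rd32(const uint8_t *p, size_t off) {
    return (uint32_t)p[off] | (uint32_t)p[off + 1] << 8 |
           (uint32_t)p[off + 2] << 16 | (uint32_t)p[off + 3] << 24;
}

/* Returns the record count on success, or a negative code: -1 bad header,
 * -2 record header past end of data, -3 bad record size,
 * -4 record body past end of data, -5 no EMR_EOF before end of data. */
long emf_check(const uint8_t *buf, size_t len) {
    if (len < EMF_MIN_HEADER || rd32(buf, 0) != EMR_HEADER ||
        rd32(buf, 40) != EMF_SIGNATURE)
        return -1;
    size_t off = 0;
    long count = 0;
    while (off < len) {
        if (len - off < 8) return -2;            /* Type + Size must fit */
        uint32_t type = rd32(buf, off);
        uint32_t size = rd32(buf, off + 4);
        if (size < 8 || (size & 3u)) return -3;  /* minimum, 4-byte aligned */
        if (size > len - off) return -4;         /* subtract, never off + size */
        if (count == 0 && size < EMF_MIN_HEADER) return -1;
        count++;
        if (type == EMR_EOF) return count;
        off += size;
    }
    return -5;
}

/* Constructed sample: 88-byte header plus one EMR_EOF record whose Size
 * field is eof_size; runs emf_check() over the first len (<= 108) bytes. */
long emf_demo(uint8_t eof_size, size_t len) {
    uint8_t b[108] = {0};
    b[0] = EMR_HEADER; b[4] = 88;
    b[40] = 0x20; b[41] = 0x45; b[42] = 0x4D; b[43] = 0x46;
    b[88] = EMR_EOF; b[92] = eof_size;
    return emf_check(b, len);
}

int main(void) { return emf_demo(20, 108) == 2 ? 0 : 1; }
```

A file that passes this framing check can still carry bad offsets or counts inside individual records, so it narrows exposure but does not replace the vendor fix.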

Affected Products

Canva Affinity version 3.0.1.3808 is explicitly confirmed as affected via EUVD-2025-208804. The CPE notation cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:* indicates the vulnerability affects the Affinity product line; the wildcard version field suggests that versions at or before 3.0.1.3808 may be vulnerable, though patch status for later versions should be verified. Consult Canva's official security advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62 for definitive version ranges and patch availability.

Remediation

Upgrade Canva Affinity to the latest version released after 3.0.1.3808, as confirmed through Canva's official security advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62. Until patching is feasible, implement user awareness training to avoid opening EMF files from untrusted sources, disable automatic EMF file preview features if available, and consider restricting file type associations for EMF files at the system level. Additionally, monitor Affinity process execution for unexpected memory access patterns or crashes, which may indicate exploit attempts. For enterprise deployments, enforce application execution policies to restrict Affinity to known-good versions and apply defense-in-depth measures such as sandboxing design applications or running them in isolated user accounts with minimal data access.

Priority Score

31
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +30
POC: 0
