Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
AnalysisAI
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affecting Affinity version 3.0.1.3808 and potentially other versions. An attacker can craft a malicious EMF file that, when opened by a user in Affinity, triggers an out-of-bounds memory read, potentially disclosing sensitive information from process memory such as authentication tokens, cryptographic keys, or other confidential data. The vulnerability requires user interaction (opening a file) and local access, making it a moderate-priority issue with a CVSS base score of 6.1, though the high confidentiality impact warrants prompt patching.
Technical ContextAI
The vulnerability is rooted in improper bounds checking during EMF file parsing within Canva Affinity (CPE: cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*), classified under CWE-125 (Out-of-bounds Read). EMF is a vector graphics format commonly used in Microsoft Windows environments that contains complex record structures. The flaw occurs when Affinity processes specially crafted EMF records without validating that memory reads remain within allocated buffer boundaries. This allows an attacker-controlled file to reference invalid memory offsets, causing the application to read and potentially leak adjacent memory regions. The vulnerability is fundamentally a missing or inadequate bounds validation check in the EMF record deserialization logic.
RemediationAI
Users should upgrade Canva Affinity to a patched version released by Canva following the disclosure timeline; consult the Canva Trust Center advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62 and Talos report at https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2316 for the specific fixed version number. Until an official patch is available, users should avoid opening EMF files from untrusted sources and disable EMF file type handling in Affinity if the application supports it. System administrators can reduce attack surface by restricting user permissions to open files only from verified sources and implementing application whitelisting policies. For organizations that must continue using affected versions, isolate systems handling potentially malicious EMF files on restricted networks with minimal access to sensitive data.
A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achiev
An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, al
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allow
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attacke
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, af
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality that a
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208783