CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Description
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Analysis
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity, allowing attackers to read memory beyond allocated buffer boundaries when the application processes a specially crafted EMF file. The vulnerability affects Canva Affinity version 3.0.1.3808 and potentially other versions. Exploitation requires local access and user interaction (opening a malicious EMF file). Successful exploitation can lead to disclosure of sensitive information from process memory, with limited impact on system availability. No active exploitation in the wild has been confirmed via KEV status. The CVSS score of 6.1 reflects moderate risk: high confidentiality impact and low attack complexity, offset by the local attack vector and the required user interaction.
Technical Context
The vulnerability resides in the EMF (Enhanced Metafile) file parser within Canva Affinity, a design and graphics application (CPE: cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*). EMF is a vector graphics format commonly used in Windows environments for storing graphical data. The root cause is classified under CWE-125 (Out-of-bounds Read), a memory safety issue where the parser fails to validate buffer boundaries before reading EMF structure data. This allows an attacker to craft a malicious EMF file with field values that cause the parser to read beyond the allocated buffer, accessing adjacent memory regions. The vulnerability is not a traditional buffer overflow (stack/heap write) but rather an information disclosure vector through unvalidated read operations during file parsing.
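The class of check described above, as an added example: this is not Affinity's code and not taken from the Talos report, and the page does not say which EMF field is at fault. It assumes only the public EMF record layout (each record starts with a 4-byte Type and 4-byte Size, the signature sits at offset 40 of the header and the file byte count at offset 48); the function names and the sample file are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { EMR_HEADER = 1, EMR_SELECTOBJECT = 37, EMR_EOF = 14, EMF_HDR_MIN = 88 };
#define EMF_SIGNATURE 0x464D4520u /* " EMF", stored at offset 40 of EMR_HEADER */

static uint32_t rd32(const uint8_t *p) { /* little-endian; caller has checked bounds */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Walk every record; return the record count, or a negative code for the failed check. */
int emf_walk(const uint8_t *buf, size_t len) {
    size_t off = 0;                              /* invariant: off <= len */
    for (int count = 0;;) {
        if (len - off < 8) return -1;            /* no room for Type + Size */
        uint32_t type = rd32(buf + off), size = rd32(buf + off + 4);
        if (size < 8 || (size & 3)) return -2;   /* Size must be >= 8 and 4-byte aligned */
        if (size > len - off) return -3;         /* record claims bytes past the buffer */
        if (count == 0) {                        /* first record must be a sane header */
            if (type != EMR_HEADER || size < EMF_HDR_MIN) return -4;
            if (rd32(buf + 40) != EMF_SIGNATURE) return -4;
            if (rd32(buf + 48) > len) return -5; /* header byte count exceeds the file */
        }
        count++;
        off += size;                             /* safe: size <= len - off */
        if (type == EMR_EOF) return count;
    }
}

/* Constructed sample: header, one 12-byte record whose Size field is `claimed`, EOF. */
int emf_walk_sample(uint32_t claimed) {
    uint8_t f[EMF_HDR_MIN + 12 + 20] = {0};
    wr32(f, EMR_HEADER); wr32(f + 4, EMF_HDR_MIN);
    wr32(f + 40, EMF_SIGNATURE); wr32(f + 48, sizeof f);
    wr32(f + 88, EMR_SELECTOBJECT); wr32(f + 92, claimed);
    wr32(f + 100, EMR_EOF); wr32(f + 104, 20);
    return emf_walk(f, sizeof f);
}

int main(void) {
    printf("well-formed: %d, oversized: %d\n", emf_walk_sample(12), emf_walk_sample(0x1000));
    return 0;
}
```

A parser that trusts the Size field and skips the `size > len - off` comparison is what turns a crafted record into a read of adjacent memory; per-record payload fields need the same treatment against the record's own Size.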
Affected Products
Canva Affinity version 3.0.1.3808 is confirmed affected via EUVD ID EUVD-2025-208791. The vulnerability likely affects other Affinity versions as the EMF parser is core functionality; specific version ranges have not been disclosed in available advisories. The affected product is identified by CPE cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*. Users should consult Canva's security advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62 and Talos Intelligence's detailed report at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2321 for definitive patched version information and mitigation guidance.
Remediation
Upgrade Canva Affinity to the patched version as specified in Canva's official security advisory (https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62). Until patching is feasible, implement user awareness training to avoid opening EMF files from untrusted sources, and restrict EMF file handling by disabling EMF file association in Affinity if the feature is not critical to workflows. For enterprise deployments, enforce application whitelisting or sandboxing of Affinity to limit memory disclosure impact. Additionally, monitor file operations and process memory access logs for suspicious EMF parsing activity to detect potential exploitation attempts.
EUVD-2025-208791