Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
AnalysisAI
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) image processing functionality of Canva Affinity, enabling attackers to read memory beyond allocated buffer boundaries through specially crafted EMF files. The vulnerability affects Canva Affinity version 3.0.1.3808 and potentially other versions, allowing unauthenticated local attackers with no special privileges to trigger the flaw via user interaction (opening a malicious file). Successful exploitation can disclose sensitive information from process memory, with a secondary risk of application instability (low availability impact). No active exploitation in the wild or public proof-of-concept has been confirmed based on available intelligence, but the vulnerability has been formally disclosed by Talos Intelligence and tracked in NIST NVD and ENISA EUVD databases.
Technical ContextAI
The vulnerability resides in the EMF (Enhanced Metafile) file parsing code within Canva Affinity, a professional design application. EMF is a Windows vector graphics format that stores drawing instructions; improper bounds checking during EMF record parsing allows an attacker to craft malicious EMF files with invalid record sizes or offsets that cause out-of-bounds memory access. This falls under CWE-125 (Out-of-bounds Read), a memory safety defect where the application reads data from memory addresses beyond the intended buffer boundaries without proper validation. The affected product is identified via CPE as cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*, indicating the flaw affects the Affinity product line. EMF parsing is a common attack surface in document and media applications due to the complexity of the format and legacy codec implementations.
RemediationAI
Organizations should upgrade Canva Affinity to the patched version released by Canva in response to CVE-2025-65119, as announced in the vendor advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62. Until patching is feasible, restrict user access to untrusted EMF files by disabling EMF import functionality if possible through application preferences, educating users to avoid opening EMF files from untrusted sources, and implementing file type restrictions at network gateways to prevent delivery of EMF files to systems running vulnerable Affinity versions. Consider using application sandboxing or containerization to limit memory disclosure impact if Affinity must handle potentially malicious files. Monitor Talos Intelligence at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2320 and Canva's security channel for patch release announcements.
A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achiev
An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, al
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allow
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attacke
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, af
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affe
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208800