Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
AnalysisAI
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity, affecting version 3.0.1.3808 and potentially earlier releases. An attacker can craft a malicious EMF file that, when opened by a user in Affinity, triggers an out-of-bounds memory read, potentially disclosing sensitive information from adjacent memory regions. The vulnerability requires user interaction (opening a file) but no elevated privileges, with a CVSS score of 6.1 indicating moderate severity; while not currently listed in CISA's Known Exploited Vulnerabilities catalog, the straightforward attack vector and information disclosure impact warrant prompt patching.
Technical ContextAI
The vulnerability resides in Canva Affinity's EMF file parser, which handles Microsoft's Enhanced Metafile format—a vector graphics file format used for rendering graphics and text. The root cause is classified as CWE-125 (Out-of-bounds Read), a memory safety issue where the parser fails to properly validate EMF record boundaries or array indices before accessing memory. When processing a specially crafted EMF file with malformed record structures or size fields, the parser reads beyond allocated buffer boundaries, accessing adjacent heap or stack memory. This is particularly dangerous in graphical applications where EMF files may be automatically processed from untrusted sources. The affected product is identified via CPE as cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*, with confirmed impact on version 3.0.1.3808.
RemediationAI
Immediately upgrade Canva Affinity to the patched version released by Canva in response to CVE-2025-66000; consult Canva's official advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62 for the exact patched version number and download links. If immediate patching is not possible, implement procedural controls by restricting the opening of EMF files from untrusted sources and disabling automatic EMF processing in Affinity preferences if available. For enterprise deployments, configure application whitelisting or sandboxing to isolate Affinity when processing external design files, and conduct user training to avoid opening unsolicited EMF files. Once patching is completed, verify the update via Affinity's About dialog or update log to confirm the vulnerability has been addressed.
A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achiev
An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, al
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allow
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attacke
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, af
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affe
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality that a
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208801