CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.
Analysis
A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achieve arbitrary code execution through specially crafted EMF files. The vulnerability affects Affinity version 3.0.1.3808 and requires user interaction to trigger: a victim must open or import a malicious EMF file. The CVSS 3.1 base score is 7.8 with a local attack vector (AV:L, UI:R), which in practice means the file has to be delivered to the user, typically by email, download or a shared document, and then opened in Affinity. This is a significant risk for users who handle untrusted graphic files, though no active exploitation or public proof of concept has been reported.
Technical Context
The vulnerability stems from improper type handling in Canva Affinity's EMF file parser, classified as CWE-843 (Access of Resource Using Incompatible Type, "Type Confusion"). EMF is a Windows vector graphics format built from a sequence of typed, length-prefixed records, and it is commonly used for clip art and diagrams. When Affinity processes a malformed EMF file, the parser treats data as a type other than the one the file actually supplied, so field reads and writes land at offsets and with meanings the attacker controls; the result is memory corruption. The affected product is identified by the CPE cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*. Note that the wildcard is in the version field, so the CPE pins no version range and says nothing about which Affinity applications (Designer, Photo, Publisher) share the vulnerable parser; the only version confirmed by the EUVD entry is 3.0.1.3808, and any broader statement is an inference. Type confusion is particularly dangerous because the confused object's fields, including any pointers or length values, come from the file, which lets an attacker shape memory accesses and, ultimately, hijack control flow.
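The following is an added, self-contained illustration of the bug class, not Affinity's code and not the flaw Talos reported. It is a toy EMF record player with an object table: a crafted stream (constructed inline, with record type constants and field layouts taken from [MS-EMF]) creates a brush at handle 1 and then selects handle 1 where the player expects a pen. The object model, the `select_pen_vuln`/`select_pen_safe` handlers and the `Ctx` structure are assumptions made for this example. The vulnerable handler reads the handle as a pen without checking the stored kind, so brush bytes are interpreted as pen fields (CWE-843); the hardened handler treats the stored kind as the only authority on an object's type.

```c
/* Added example (not Affinity's code): type confusion through an untrusted
 * object handle in a toy EMF player, beside the hardened lookup.
 * Record constants and field order follow [MS-EMF]; the object model is invented. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum { EMR_EOF = 0x0E, EMR_SELECTOBJECT = 0x25,
       EMR_CREATEPEN = 0x26, EMR_CREATEBRUSHINDIRECT = 0x27 };
enum { OBJ_NONE = 0, OBJ_PEN = 1, OBJ_BRUSH = 2 };
#define MAX_HANDLES 4

/* Two object layouts that overlap in memory once placed in a union. */
typedef struct { uint32_t style; uint32_t width_x; uint32_t width_y; uint32_t color; } Pen;
typedef struct { uint32_t style; uint32_t color; uint32_t hatch; } Brush;
typedef struct { uint32_t kind; union { Pen pen; Brush brush; } u; } GdiObject;
typedef struct { GdiObject table[MAX_HANDLES]; uint32_t cur_pen_width; int status; } Ctx;

static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Vulnerable: any allocated handle is assumed to be a Pen. */
static int select_pen_vuln(Ctx *c, uint32_t ih) {
    if (ih >= MAX_HANDLES || c->table[ih].kind == OBJ_NONE) return -1;
    Pen *p = &c->table[ih].u.pen;       /* no kind check: a Brush is read as a Pen */
    c->cur_pen_width = p->width_x;      /* aliases Brush.color for a brush object */
    return 0;
}

/* Hardened: the stored kind decides how the bytes may be interpreted. */
static int select_pen_safe(Ctx *c, uint32_t ih) {
    if (ih >= MAX_HANDLES || c->table[ih].kind != OBJ_PEN) return -1;
    c->cur_pen_width = c->table[ih].u.pen.width_x;
    return 0;
}

/* Walks records until EMR_EOF; returns records consumed or -1 if the stream is malformed. */
static int play(Ctx *c, const uint8_t *buf, size_t len, int (*sel)(Ctx *, uint32_t)) {
    int n = 0;
    size_t off = 0;
    while (off + 8 <= len) {
        uint32_t type = rd32(buf + off), size = rd32(buf + off + 4);
        if (size < 8 || size % 4 != 0 || size > len - off) return -1; /* nSize bounds */
        const uint8_t *body = buf + off + 8;
        uint32_t ih;
        switch (type) {
        case EMR_CREATEPEN:                       /* ihPen, LogPen{style, width.x, width.y, color} */
            if (size < 28 || (ih = rd32(body)) >= MAX_HANDLES) return -1;
            c->table[ih].kind = OBJ_PEN;
            c->table[ih].u.pen.style = rd32(body + 4);  c->table[ih].u.pen.width_x = rd32(body + 8);
            c->table[ih].u.pen.width_y = rd32(body + 12); c->table[ih].u.pen.color = rd32(body + 16);
            break;
        case EMR_CREATEBRUSHINDIRECT:             /* ihBrush, LogBrush{style, color, hatch} */
            if (size < 24 || (ih = rd32(body)) >= MAX_HANDLES) return -1;
            c->table[ih].kind = OBJ_BRUSH;
            c->table[ih].u.brush.style = rd32(body + 4); c->table[ih].u.brush.color = rd32(body + 8);
            c->table[ih].u.brush.hatch = rd32(body + 12);
            break;
        case EMR_SELECTOBJECT:                    /* ihObject */
            if (size < 12) return -1;
            if (sel(c, rd32(body)) != 0) c->status = -1;
            break;
        case EMR_EOF:
            return n + 1;
        default: break;                           /* unknown records are skipped by nSize */
        }
        off += size; n++;
    }
    return -1;                                    /* ran off the end without EMR_EOF */
}

/* Constructed stream: brush at handle 1 with color 0x41414141, select handle 1, EOF. */
static const uint8_t crafted[] = {
    0x27,0,0,0, 0x18,0,0,0, 1,0,0,0, 0,0,0,0, 0x41,0x41,0x41,0x41, 0,0,0,0,  /* EMR_CREATEBRUSHINDIRECT */
    0x25,0,0,0, 0x0C,0,0,0, 1,0,0,0,                                          /* EMR_SELECTOBJECT ih=1 */
    0x0E,0,0,0, 0x14,0,0,0, 0,0,0,0, 0x10,0,0,0, 0x14,0,0,0                   /* EMR_EOF */
};

static uint32_t demo_vuln_width(void) { Ctx c; memset(&c, 0, sizeof c); play(&c, crafted, sizeof crafted, select_pen_vuln); return c.cur_pen_width; }
static int demo_safe_status(void)     { Ctx c; memset(&c, 0, sizeof c); play(&c, crafted, sizeof crafted, select_pen_safe); return c.status; }
static int demo_record_count(void)    { Ctx c; memset(&c, 0, sizeof c); return play(&c, crafted, sizeof crafted, select_pen_safe); }
static int demo_truncated(void)       { Ctx c; memset(&c, 0, sizeof c); return play(&c, crafted, sizeof crafted - 4, select_pen_safe); }

int main(void) {
    printf("vulnerable: pen width taken from brush color = 0x%08x\n", demo_vuln_width());
    printf("hardened:   select rejected, status = %d, records = %d\n", demo_safe_status(), demo_record_count());
    return 0;
}
```

The interesting part is that the vulnerable path never goes out of bounds: every read is inside the object table, yet the pen width now comes straight from a brush field the file controls. Replace `width_x` with a pointer or length field and the same confusion becomes a controlled read or write, which is how this class turns into code execution. The `nSize` checks in `play` are the usual first line of defence for record-based formats and are independent of the kind check that actually closes the bug.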
Affected Products
Canva Affinity version 3.0.1.3808 is confirmed vulnerable according to ENISA EUVD data. The CPE string (cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*) carries a wildcard in the version field, which means the entry does not specify a version range; it does not by itself confirm that every version, or every application in the Affinity suite (Affinity Designer, Affinity Photo, Affinity Publisher), is affected. Users should consult Canva's security advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62 for the authoritative list of affected versions and patch availability.
Remediation
Update Canva Affinity to the latest version as recommended in the vendor's security advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62. Until patching is complete, avoid opening or importing EMF files from untrusted sources. Note that application control policies that block execution from download folders do not stop this bug, because the EMF file is parsed by Affinity rather than executed; such policies can at most hinder a second-stage payload that an exploit drops to disk. Organizations should educate users about the risks of opening graphic files from unknown sources and process potentially malicious files in a sandboxed environment. For detailed technical information about the vulnerability, see Talos Intelligence's report at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2297.
EUVD-2025-208803