Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.
AnalysisAI
A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achieve arbitrary code execution through specially crafted EMF files. The vulnerability affects Affinity version 3.0.1.3808 and requires user interaction to trigger, as victims must open a malicious EMF file. With a CVSS score of 7.8 and local attack vector, this represents a significant risk for users handling untrusted graphic files, though no active exploitation or public POC has been reported.
Technical ContextAI
The vulnerability stems from improper type handling in Canva Affinity's EMF file parser, classified as CWE-843 (Access of Resource Using Incompatible Type - Type Confusion). EMF files are Windows vector graphics formats commonly used for clip art and diagrams. When Affinity processes a malformed EMF file, the type confusion leads to memory corruption where the application interprets data as a different type than intended. The affected product is identified through CPE as cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*, indicating all Affinity products (Designer, Photo, Publisher) are potentially vulnerable. This class of vulnerability is particularly dangerous because type confusion can allow attackers to manipulate memory layouts and hijack control flow.
RemediationAI
Update Canva Affinity to the latest version as recommended in the vendor's security advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62. Until patching is complete, avoid opening EMF files from untrusted sources and consider implementing application control policies to prevent execution from common download folders. Organizations should educate users about the risks of opening graphic files from unknown sources and consider using sandboxed environments for processing potentially malicious files. For detailed technical information about the vulnerability, see Talos Intelligence's report at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2297.
An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, al
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allow
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attacke
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, af
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affe
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality that a
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208803