Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
AnalysisAI
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity, allowing attackers to read memory beyond allocated buffer boundaries when processing specially crafted EMF files. The vulnerability affects Canva Affinity version 3.0.1.3808 and potentially other versions in the product line; attackers with local access and user interaction can trigger the flaw to disclose sensitive information from process memory. While the CVSS score of 6.1 indicates medium severity with high confidentiality impact and low availability impact, the attack requires local file system access and user interaction (opening a malicious EMF file), limiting widespread exploitation risk.
Technical ContextAI
The vulnerability resides in Canva Affinity's EMF (Enhanced Metafile) file parser, a legacy Windows graphics format handler that processes vector-based drawing instructions. The root cause is classified under CWE-125 (Out-of-bounds Read), a memory safety vulnerability where the parser fails to validate buffer boundaries before reading EMF record structures, potentially allowing it to access memory regions outside the intended allocation. EMF files contain records with variable-length data, and improper bounds checking during record parsing enables attackers to craft files with malformed record headers or oversized data fields that cause the parser to read adjacent memory. The affected product is identified via CPE as cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*, confirming the vulnerability spans Canva's Affinity design application suite.
RemediationAI
Upgrade Canva Affinity to the latest patched version provided by the vendor; consult the official Canva security advisory (https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62) for specific patch version numbers. Until patching is completed, implement mitigations by disabling or restricting EMF file handling in Affinity if alternative file formats are acceptable, educating users not to open EMF files from untrusted sources, and deploying file-type filtering policies to block EMF downloads in email and web gateways. Organizations can monitor for exploitation attempts by tracking access to Affinity crash dumps and memory errors in log files, and isolating affected systems from critical data repositories if suspicious EMF file opens are detected.
A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achiev
An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, al
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allow
An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attacke
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, af
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affe
An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality that a
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208807