CVE-2025-58427
Out-of-Bounds Read in Canva Affinity EMF Risks Data Exposure
Publication date: 2026-03-17
Last updated on: 2026-03-19
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canva | affinity | to 3.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58427 is an out-of-bounds read vulnerability in the EMF (Enhanced Metafile Format) functionality of Canva Affinity version 3.0.1.3808.
The vulnerability occurs due to improper handling of the EMR_EXTTEXTOUTW record within EMF files. Specifically, the offDx field, which indicates the offset to an intercharacter spacing array, can be set to a value larger than the record size.
When this happens, the application reads memory beyond the allocated buffer, causing an out-of-bounds read. This can lead to the disclosure of sensitive information from the process memory.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'This vulnerability can allow an attacker to cause an out-of-bounds read in the Canva Affinity application by using a specially crafted EMF file.'}, {'type': 'paragraph', 'content': "The impact is primarily the potential disclosure of sensitive information from the application's memory, which could include confidential data."}, {'type': 'paragraph', 'content': 'The vulnerability has a CVSS v3.1 base score of 6.1, indicating a medium severity with high confidentiality impact but no integrity or availability impact.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability involves processing specially crafted EMF files with a malformed EMR_EXTTEXTOUTW record, specifically where the offDx field exceeds the recordSize, causing an out-of-bounds read.'}, {'type': 'paragraph', 'content': 'To detect this vulnerability on your system, you should monitor for the presence or processing of suspicious EMF files, especially those with abnormal or oversized offDx values in the EMR_EXTTEXTOUTW records.'}, {'type': 'paragraph', 'content': 'Since the vulnerability is local and triggered by opening or processing crafted EMF files in Canva Affinity 3.0.1.3808, detection commands would focus on identifying such files or monitoring application behavior.'}, {'type': 'list_item', 'content': "Use file scanning tools to search for EMF files in your environment: e.g., `find / -type f -name '*.emf'` on Unix-like systems."}, {'type': 'list_item', 'content': 'Use a hex editor or scripting tools (e.g., Python with a binary parsing library) to inspect EMF files for EMR_EXTTEXTOUTW records and validate the offDx field against recordSize.'}, {'type': 'list_item', 'content': 'Monitor application logs or enable debugging with pageheap (on Windows) to detect out-of-bounds read errors or crashes when processing EMF files.'}, {'type': 'paragraph', 'content': 'No specific ready-made commands or signatures are provided in the available resources.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to apply the vendor-released patch for Canva Affinity version 3.0.1.3808, which addresses this out-of-bounds read vulnerability.
Until the patch is applied, avoid opening or processing untrusted or suspicious EMF files within Canva Affinity to prevent exploitation.
Additionally, consider restricting access to EMF files from untrusted sources and monitoring for unusual application behavior or crashes related to EMF file handling.