CVE-2025-61952
Out-of-Bounds Read in Canva Affinity EMF Risks Data Exposure
Publication date: 2026-03-17
Last updated on: 2026-03-19
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canva | affinity | to 3.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-61952 is an out-of-bounds read vulnerability in the EMF (Enhanced Metafile Format) processing functionality of Canva Affinity. It occurs when the application processes a specially crafted EMF file containing a malformed EMR_POLYBEZIER record with an excessively large Count value. This causes the software to read memory beyond the allocated bounds while accessing the aPoints array, leading to an out-of-bounds read.
This vulnerability requires local access and user interaction, has low attack complexity, and does not require privileges. Exploiting it can lead to disclosure of arbitrary memory contents within the affected process.
How can this vulnerability impact me? :
Exploiting this vulnerability allows an attacker to read memory outside the intended bounds of the application, potentially disclosing sensitive information stored in memory.
The impact includes a high confidentiality risk, as attackers can access arbitrary memory contents, but it does not affect the integrity of data or cause significant availability issues.
Because the attack requires local access and user interaction, the risk is limited to scenarios where an attacker can convince a user to open a malicious EMF file.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability involves processing specially crafted EMF files in Canva Affinity, leading to out-of-bounds reads. Detection involves monitoring or analyzing EMF files processed by the application, especially those containing malformed EMR_POLYBEZIER records with unusually large Count values.'}, {'type': 'paragraph', 'content': 'One approach is to use debugging tools with pageheap enabled to detect access violations (such as code c0000005) during EMF file processing, which indicates out-of-bounds memory access.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires local user interaction, scanning for suspicious or malformed EMF files on the system or monitoring application logs for crashes or access violations related to EMF processing can help detect exploitation attempts.'}, {'type': 'paragraph', 'content': "No specific commands are provided in the resources, but using Windows debugging tools like WinDbg with pageheap enabled to trace Canva Affinity's handling of EMF files can be effective."}] [2, 1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade Canva Affinity to the latest version, specifically version 3.1.0 or later, where this vulnerability has been fixed.
Avoid opening or processing untrusted or suspicious EMF files, as exploitation requires user interaction with a specially crafted EMF file.
Implement local access controls to limit who can run Canva Affinity and open EMF files, reducing the risk of exploitation.