CVE-2025-62403
Out-of-Bounds Read in Canva Affinity EMF Risks Data Exposure
Publication date: 2026-03-17
Last updated on: 2026-03-19
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canva | affinity | to 3.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-62403 is an out-of-bounds read vulnerability in the EMF (Enhanced Metafile Format) processing functionality of Canva Affinity version 3.0.1.3808.
The vulnerability occurs when processing a specially crafted EMF file, specifically in the EMR_EXTTEXTOUTA record type, which defines ASCII text strings with font and text colors.
The issue arises because the offset to an intercharacter spacing array (offDx) plus the size of that array (Chars * 4) can exceed the size of the record, causing the application to read memory beyond the allocated buffer.
This out-of-bounds read can lead to the disclosure of arbitrary memory within the Affinity process, potentially leaking sensitive information.
How can this vulnerability impact me? :
Exploitation of this vulnerability allows an attacker to perform an out-of-bounds read in the Canva Affinity application, which can lead to the disclosure of sensitive information stored in memory.
Because the vulnerability involves reading arbitrary memory, confidential data processed by the application could be exposed.
The attack requires local access and user interaction, but does not require privileges, and has a high confidentiality impact.
- Potential leakage of sensitive or private data.
- Possible compromise of user privacy due to memory disclosure.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when processing specially crafted EMF files in Canva Affinity version 3.0.1.3808, specifically involving the EMR_EXTTEXTOUTA record type. Detection involves monitoring or analyzing EMF files for malformed EMR_EXTTEXTOUTA records where the offDx field plus (Chars * 4) exceeds the recordSize, which triggers an out-of-bounds read.
Since the vulnerability is triggered locally by opening a crafted EMF file, detection on a network level is limited. On the system, detection can be done by monitoring application crashes or access violations in the libpersona.dll module during EMF file processing.
No specific commands are provided in the resources, but general approaches include:
- Using debugging tools (e.g., WinDbg) to monitor for access violations in libpersona.dll when loading EMF files.
- Scanning EMF files for malformed EMR_EXTTEXTOUTA records where offDx + (Chars * 4) > recordSize.
- Monitoring Canva Affinity application logs or crash reports for signs of out-of-bounds reads or crashes related to EMF file processing.
What immediate steps should I take to mitigate this vulnerability?
The vendor released a patch for this vulnerability on March 17, 2026. The immediate mitigation step is to update Canva Affinity to the patched version that addresses this out-of-bounds read issue.
Additional mitigation steps include:
- Avoid opening untrusted or suspicious EMF files in Canva Affinity until the patch is applied.
- Implement application whitelisting or sandboxing to limit the impact of potential exploitation.
- Monitor for unusual application crashes or behavior related to EMF file processing.