CVE-2025-64301
Out-of-Bounds Write in Canva Affinity EMF Enables Code Execution
Publication date: 2026-03-17
Last updated on: 2026-03-19
Assigner: Talos
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canva | affinity | to 3.1.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
Can you explain this vulnerability to me?
CVE-2025-64301 is an out-of-bounds write vulnerability in the EMF (Enhanced Metafile Format) processing functionality of Canva Affinity, specifically in version 3.0.1.3808.
The vulnerability arises because the application does not properly validate the HeaderSize field within the DIBHeaderInfo structure of the EMR_CREATEDIBPATTERNBRUSHPT record in EMF files.
When a specially crafted EMF file is loaded, the program copies more data than the allocated buffer can hold during a memcpy operation, leading to an out-of-bounds write.
This memory corruption can potentially allow an attacker to execute arbitrary code.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to arbitrary code execution on the affected system.
An attacker could use a specially crafted EMF file to trigger the out-of-bounds write, causing memory corruption.
This could result in compromise of the system's confidentiality, integrity, and availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of specially crafted EMF files that exploit the out-of-bounds write in Canva Affinity version 3.0.1.3808. Since the issue arises during EMF file processing, detection involves monitoring or scanning for suspicious EMF files with abnormal HeaderSize values in the DIBHeaderInfo structure.
Commands to detect potentially malicious EMF files could include searching for EMF files on the system and analyzing their headers for irregularities. For example, using tools like 'strings' or custom scripts to parse EMF files and check the HeaderSize field against expected sizes.
- Find EMF files on the system: `find / -type f -name '*.emf'`
- Extract and inspect EMF header information (requires custom parsing or specialized tools).
- Monitor file downloads or email attachments for EMF files to prevent opening malicious files. [1]
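One way to do the custom parsing mentioned above, as an added example that is not part of the original advisory or any vendor tooling: it walks the EMF record list and flags EMR_CREATEDIBPATTERNBRUSHPT records whose HeaderSize looks abnormal. It assumes the published MS-EMF record layout and treats only the standard DIB header sizes (12, 40, 108, 124) as normal; the function names and the sample file are constructed for illustration.

```python
import struct

# Record types and field offsets follow the published MS-EMF layout (assumption:
# the page names the record and field but does not give the byte layout).
EMR_HEADER, EMR_EOF, EMR_CREATEDIBPATTERNBRUSHPT = 0x01, 0x0E, 0x5E
# Assumption: only the standard DIB header sizes are treated as normal.
STANDARD_DIB_HEADER_SIZES = {12, 40, 108, 124}

def check_brush(rec):
    """Return (reason, header_size); reason is None when the record looks sane."""
    if len(rec) < 32:
        return "record shorter than its fixed fields", None
    off_bmi, cb_bmi = struct.unpack_from("<II", rec, 16)
    if off_bmi < 32 or off_bmi + 4 > len(rec):
        return "offBmi outside record", None
    (header_size,) = struct.unpack_from("<I", rec, off_bmi)
    if header_size not in STANDARD_DIB_HEADER_SIZES:
        return "non-standard HeaderSize", header_size
    if header_size > cb_bmi or off_bmi + header_size > len(rec):
        return "HeaderSize exceeds cbBmi or record", header_size
    return None, header_size

def scan_emf(data):
    """Walk the record list; return [(record_offset, header_size, reason)]."""
    if len(data) < 88 or data[:4] != b"\x01\x00\x00\x00" or data[40:44] != b" EMF":
        raise ValueError("not an EMF file")
    findings, pos = [], 0
    while pos + 8 <= len(data):
        rtype, rsize = struct.unpack_from("<II", data, pos)
        if rsize < 8 or rsize % 4 or pos + rsize > len(data):
            findings.append((pos, None, "record size invalid or past end of file"))
            break
        if rtype == EMR_CREATEDIBPATTERNBRUSHPT:
            reason, header_size = check_brush(data[pos:pos + rsize])
            if reason:
                findings.append((pos, header_size, reason))
        if rtype == EMR_EOF:
            break
        pos += rsize
    return findings

def build_sample(header_size):
    """Constructed input: EMF header, one brush record (40-byte DIB area), EOF."""
    hdr = struct.pack("<II", EMR_HEADER, 88) + bytes(32) + b" EMF" + bytes(44)
    dib = struct.pack("<I", header_size) + bytes(36)
    brush = struct.pack("<8I", EMR_CREATEDIBPATTERNBRUSHPT, 72, 1, 0, 32, 40, 72, 0) + dib
    eof = struct.pack("<5I", EMR_EOF, 20, 0, 0, 20)
    return hdr + brush + eof
```

A finding is a reason to quarantine the file for review, not proof of exploitation; a clean result only means these specific checks passed.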
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding opening EMF files from untrusted or unknown sources in Canva Affinity version 3.0.1.3808, as exploitation requires user interaction.
Additionally, monitor for updates or patches from Canva Affinity that address this vulnerability and apply them as soon as they become available.
Implement security best practices such as restricting user permissions to limit the impact of potential exploitation and scanning incoming files for malicious content.