CVE-2025-64301
Received Received - Intake
Out-of-Bounds Write in Canva Affinity EMF Enables Code Execution

Publication date: 2026-03-17

Last updated on: 2026-03-19

Assigner: Talos

Description
An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-17
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-17
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64301
EUVD
EUVD-2025-208795
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
canva affinity to 3.1.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

I don't know

Executive Summary

CVE-2025-64301 is an out-of-bounds write vulnerability in the EMF (Enhanced Metafile Format) processing functionality of Canva Affinity, specifically in version 3.0.1.3808.

The vulnerability arises because the application does not properly validate the HeaderSize field within the DIBHeaderInfo structure of the EMR_CREATEDIBPATTERNBRUSHPT record in EMF files.

When a specially crafted EMF file is loaded, the program copies more data than the allocated buffer can hold during a memcpy operation, leading to an out-of-bounds write.

This memory corruption can potentially allow an attacker to execute arbitrary code.

Impact Analysis

[{'type': 'paragraph', 'content': 'Exploitation of this vulnerability can lead to arbitrary code execution on the affected system.'}, {'type': 'paragraph', 'content': 'An attacker could use a specially crafted EMF file to trigger the out-of-bounds write, causing memory corruption.'}, {'type': 'paragraph', 'content': "This could result in compromise of the system's confidentiality, integrity, and availability."}] [1]

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by identifying the presence of specially crafted EMF files that exploit the out-of-bounds write in Canva Affinity version 3.0.1.3808. Since the issue arises during EMF file processing, detection involves monitoring or scanning for suspicious EMF files with abnormal HeaderSize values in the DIBHeaderInfo structure.'}, {'type': 'paragraph', 'content': "Commands to detect potentially malicious EMF files could include searching for EMF files on the system and analyzing their headers for irregularities. For example, using tools like 'strings' or custom scripts to parse EMF files and check the HeaderSize field against expected sizes."}, {'type': 'list_item', 'content': "Find EMF files on the system: `find / -type f -name '*.emf'`"}, {'type': 'list_item', 'content': 'Extract and inspect EMF header information (requires custom parsing or specialized tools).'}, {'type': 'list_item', 'content': 'Monitor file downloads or email attachments for EMF files to prevent opening malicious files.'}] [1]

Mitigation Strategies

Immediate mitigation steps include avoiding opening EMF files from untrusted or unknown sources in Canva Affinity version 3.0.1.3808, as exploitation requires user interaction.

Additionally, monitor for updates or patches from Canva Affinity that address this vulnerability and apply them as soon as they become available.

Implement security best practices such as restricting user permissions to limit the impact of potential exploitation and scanning incoming files for malicious content.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64301. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart