CVE-2025-64776
Out-of-Bounds Read in Canva Affinity EMF Risks Data Exposure
Publication date: 2026-03-17
Last updated on: 2026-03-19
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canva | affinity | to 3.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to cause your Canva Affinity application to read memory outside of its intended bounds.
Such out-of-bounds reads can lead to the disclosure of sensitive information stored in memory.
Additionally, the vulnerability can cause the application to crash due to access violations, potentially affecting availability.
Can you explain this vulnerability to me?
CVE-2025-64776 is an out-of-bounds read vulnerability found in the EMF (Enhanced Metafile Format) processing functionality of Canva Affinity version 3.0.1.3808.
The vulnerability occurs specifically in the handling of the EMR_BITBLT record within EMF files, where a field called offBmiSrc is not properly validated against the record size.
If offBmiSrc is larger than the allowed size, the program reads memory beyond the allocated buffer, causing an out-of-bounds read.
This can lead to an access violation crash and potentially disclose sensitive information from memory.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or access violations in the Canva Affinity application when processing EMF files, especially those containing malformed EMR_BITBLT records with invalid offBmiSrc values.
Enabling debugging tools such as pageheap can help identify out-of-bounds reads by detecting access violations (code c0000005) caused by invalid memory access during EMF file processing.
Since the vulnerability is triggered by specially crafted EMF files, scanning or filtering EMF files before opening them in Canva Affinity can help detect potentially malicious files.
Specific commands are not provided in the resources, but general approaches include using debugging tools (e.g., WinDbg with pageheap enabled) to monitor for crashes or memory access violations in the libpersona.dll module when handling EMF files.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding opening untrusted or suspicious EMF files in Canva Affinity, especially version 3.0.1.3808 or affected versions.
Applying any available patches or updates from the vendor that address this vulnerability is recommended once they are released.
Implementing security controls such as restricting user permissions to limit local attack vectors and educating users to avoid interacting with untrusted EMF files can reduce risk.