CVE-2025-65119
Out-of-Bounds Read in Canva Affinity EMF Risks Data Leak
Publication date: 2026-03-17
Last updated on: 2026-03-19
Assigner: Talos
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canva | affinity | up to 3.1.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-65119 is an out-of-bounds read vulnerability in the EMF (Enhanced Metafile Format) processing functionality of Canva Affinity version 3.0.1.3808.
The vulnerability arises from improper handling of the EMR_POLYGON record type within EMF files. Specifically, the Count field in the EMR_POLYGON record, which indicates the number of PointL objects, can be set to an excessively large value that is not properly validated against the record size.
This causes the application to read memory beyond the allocated buffer when iterating over the aPoints array, leading to an out-of-bounds read and an access violation.
An attacker can exploit this by using a specially crafted EMF file to trigger this flaw during EMF file processing.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the processing of EMF files in Canva Affinity version 3.0.1.3808, specifically looking for crashes or access violations caused by out-of-bounds reads during EMF file handling.
Detection involves identifying specially crafted EMF files with an excessively large Count value in the EMR_POLYGON record that leads to memory access violations.
One approach is to enable a debugging aid such as PageHeap so that access violations (exception code 0xC0000005) are caught at the faulting read during EMF file processing.
While no specific commands are provided, you can use system or application crash logs to detect access violations related to EMF file processing in Canva Affinity.
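The Count-versus-record-size mismatch described above can also be checked in EMF files at rest, before they reach the application. The following Python sketch is an added example, not code from the advisory or the vendor: it walks the record stream and flags any EMR_POLYGON record whose Count exceeds the number of PointL entries the record's Size can hold. The function names and the sample files are constructed for illustration; field offsets follow the standard EMF record layout (Type, Size, Bounds, Count, aPoints).

```python
import struct

EMR_HEADER, EMR_POLYGON, EMR_EOF = 1, 3, 14
EMF_SIGNATURE = 0x464D4520      # " EMF", stored at offset 40 of the header record
POLYGON_FIXED = 28              # Type, Size, Bounds (RectL), Count
POINTL_SIZE = 8                 # two 32-bit signed coordinates

def _record(rtype, body=b""):
    """Build one EMF record; Size includes the 8-byte Type/Size prefix."""
    return struct.pack("<II", rtype, 8 + len(body)) + body

def build_sample(count, points):
    """Constructed sample (hypothetical helper): header, one EMR_POLYGON, EOF."""
    header = _record(EMR_HEADER, bytes(32) + struct.pack("<I", EMF_SIGNATURE) + bytes(44))
    poly_body = bytes(16) + struct.pack("<I", count)
    poly_body += b"".join(struct.pack("<ii", x, y) for x, y in points)
    eof = _record(EMR_EOF, struct.pack("<III", 0, 16, 20))
    return header + _record(EMR_POLYGON, poly_body) + eof

def scan_emf(data):
    """Return (offset, reason) findings for malformed EMR_POLYGON records."""
    if len(data) < 44 or struct.unpack_from("<I", data, 0)[0] != EMR_HEADER \
            or struct.unpack_from("<I", data, 40)[0] != EMF_SIGNATURE:
        raise ValueError("not an EMF file")
    findings, off = [], 0
    while off + 8 <= len(data):
        rtype, size = struct.unpack_from("<II", data, off)
        if size < 8 or size % 4 or off + size > len(data):
            findings.append((off, f"record size {size} invalid or past end of file"))
            break
        if rtype == EMR_POLYGON:
            if size < POLYGON_FIXED:
                findings.append((off, "EMR_POLYGON shorter than its fixed fields"))
            else:
                count = struct.unpack_from("<I", data, off + 24)[0]
                capacity = (size - POLYGON_FIXED) // POINTL_SIZE
                if count > capacity:
                    findings.append((off, f"Count={count} but record holds {capacity} points"))
        if rtype == EMR_EOF:
            break
        off += size
    return findings
```

A non-empty result from `scan_emf` means the file declares more points than it contains and is worth quarantining; an empty result only says this one record type is consistent.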
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the vendor-released patch for Canva Affinity, which was made available on March 17, 2026.
Until the patch is applied, avoid opening or processing untrusted or specially crafted EMF files in Canva Affinity to prevent exploitation.
Additionally, monitor for any unusual application crashes or access violations that may indicate exploitation attempts.
How can this vulnerability impact me?
This vulnerability can lead to the disclosure of sensitive information from the process memory of Canva Affinity.
Because it is an out-of-bounds read, an attacker could potentially access data that should not be accessible, which may include confidential or private information.
The vulnerability has a CVSSv3 score of 6.1, indicating a medium severity impact, with confidentiality impact rated high, but no integrity impact.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know