CVE-2025-66042
Out-of-Bounds Read in Canva Affinity EMF Risks Data Leak
Publication date: 2026-03-17
Last updated on: 2026-03-19
Assigner: Talos
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canva | affinity | up to 3.1.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-66042 is an out-of-bounds read vulnerability in the EMF (Enhanced Metafile Format) processing functionality of Canva Affinity, specifically in version 3.0.1.3808.
The vulnerability occurs when a specially crafted EMF file exploits improper handling of the EMR_EXTSELECTCLIPRGN record type during metafile parsing. This record contains region data including a count of rectangles and their sizes.
If the count of rectangles (CountRects) is excessively large, the software reads beyond the allocated buffer for region data, causing an out-of-bounds read. This improper bounds checking can lead to reading memory outside the intended region.
As a result, sensitive information stored in memory may be disclosed to an attacker.
How can this vulnerability impact me?
This vulnerability can lead to the disclosure of sensitive information from the affected system due to an out-of-bounds read triggered by a malicious EMF file.
An attacker with local access and the ability to convince a user to open a crafted EMF file could exploit this flaw to access confidential data.
The confidentiality impact is high, integrity is unaffected, and the availability impact is low.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the processing of EMF files in Canva Affinity, specifically looking for crashes or access violations triggered by specially crafted EMF files containing malformed EMR_EXTSELECTCLIPRGN records.
Since the vulnerability triggers an access violation (code c0000005) during EMF file parsing, enabling debugging tools such as pageheap or similar memory debugging utilities on the system running Canva Affinity can help detect attempts to exploit this issue.
There are no specific network commands provided to detect this vulnerability remotely, as the attack vector is local and requires user interaction.
Suggested commands or steps include running Canva Affinity under a debugger with pageheap enabled to catch out-of-bounds reads when opening suspicious EMF files.
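A static pre-check for the condition described above, as an added example that is not Canva's or Talos's code: it walks the records of an EMF file and flags any EMR_EXTSELECTCLIPRGN record whose CountRects needs more bytes than the record's region data carries. Field offsets and record type values follow the public MS-EMF specification; the function names and the sample bytes are constructed for illustration.

```python
import struct

EMR_EOF, EMR_EXTSELECTCLIPRGN = 0x0E, 0x4B   # record types from MS-EMF
RGN_HEADER_LEN, RECTL_LEN = 32, 16           # RegionDataHeader and RectL sizes

def check_clip_region(rec):
    """Return a reason string if the region data is inconsistent, else None."""
    if len(rec) < 16:
        return "record too short for RgnDataSize/RegionMode"
    rgn_data_size, _mode = struct.unpack_from("<II", rec, 8)
    avail = len(rec) - 16                    # bytes present after the fixed fields
    if rgn_data_size == 0:
        return None                          # no region data attached
    if rgn_data_size > avail:
        return f"RgnDataSize {rgn_data_size} exceeds {avail} bytes in record"
    if rgn_data_size < RGN_HEADER_LEN:
        return "region data shorter than RegionDataHeader"
    count_rects = struct.unpack_from("<I", rec, 24)[0]
    needed = RGN_HEADER_LEN + count_rects * RECTL_LEN
    if needed > rgn_data_size:
        return f"CountRects {count_rects} needs {needed} bytes, have {rgn_data_size}"
    return None

def scan_emf(data):
    """Walk EMF records; return [(offset, reason)] for suspicious records."""
    if data[40:44] != b" EMF":
        return [(0, "missing EMF signature")]
    findings, off = [], 0
    while off + 8 <= len(data):
        rtype, rsize = struct.unpack_from("<II", data, off)
        if rsize < 8 or rsize % 4 or off + rsize > len(data):
            findings.append((off, f"bad record size {rsize}"))
            break
        if rtype == EMR_EXTSELECTCLIPRGN:
            reason = check_clip_region(data[off:off + rsize])
            if reason:
                findings.append((off, reason))
        if rtype == EMR_EOF:
            break
        off += rsize
    return findings

# Constructed samples (not taken from any real file): header + clip record + EOF.
def sample_emf(count_rects, rects_present):
    hdr = bytearray(struct.pack("<II", 1, 88) + bytes(80))
    hdr[40:44] = b" EMF"
    rgn = struct.pack("<4I4i", 32, 1, count_rects, rects_present * 16, 0, 0, 0, 0)
    rgn += bytes(rects_present * 16)
    clip = struct.pack("<4I", EMR_EXTSELECTCLIPRGN, 16 + len(rgn), len(rgn), 5) + rgn
    return bytes(hdr) + clip + struct.pack("<5I", EMR_EOF, 20, 0, 16, 20)
```

Calling `scan_emf(open(path, "rb").read())` on files in a mail or upload quarantine gives a triage signal before anyone opens them in the editor; an empty list means no inconsistent clip-region record was found, not that the file is otherwise safe.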
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding opening untrusted or suspicious EMF files in Canva Affinity, especially version 3.0.1.3808, which is known to be vulnerable.
Since the vulnerability requires local user interaction, restricting user access to unverified EMF files and educating users about the risk can reduce exposure.
Monitoring for updates or patches from Canva Affinity and applying them as soon as they become available is recommended to fully remediate the vulnerability.