CVE-2025-66633
Out-of-Bounds Read in Canva Affinity EMF Risks Data Exposure
Publication date: 2026-03-17
Last updated on: 2026-03-19
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canva | affinity | to 3.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-66633 is an out-of-bounds read vulnerability in the EMF (Enhanced Metafile Format) processing functionality of Canva Affinity, specifically version 3.0.1.3808.
The vulnerability occurs due to improper validation when handling the EMR_STRETCHBLT record within EMF files. This record defines pixel block transfers from a source bitmap to a destination rectangle.
An attacker can exploit this by using a specially crafted EMF file that causes the application to read memory outside the intended bounds, leading to an out-of-bounds read.
This happens because the application fails to check if the calculated size of bitmap data to read exceeds the buffer size, resulting in reading sensitive information from memory.
How can this vulnerability impact me? :
This vulnerability can lead to the disclosure of sensitive information due to the out-of-bounds read caused by processing a specially crafted EMF file.
Since the vulnerability has a high confidentiality impact, an attacker with local access and requiring user interaction could exploit it to access sensitive data stored in memory.
The attack complexity is low and no privileges are required, which increases the risk if an attacker can convince a user to open a malicious EMF file.
The vulnerability does not impact data integrity but has a low impact on availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves processing specially crafted EMF files by Canva Affinity version 3.0.1.3808, leading to an out-of-bounds read. Detection would focus on identifying attempts to open or process suspicious EMF files containing malformed EMR_STRETCHBLT records.
Since the vulnerability requires local access and user interaction, monitoring file access and application logs for errors related to EMF file processing in Canva Affinity could help detect exploitation attempts.
There are no specific commands provided in the resources to detect this vulnerability directly. However, you can use file scanning tools or scripts to identify EMF files with unusual or malformed EMR_STRETCHBLT records by parsing the EMF file structure.
For example, on a system with Canva Affinity installed, you might monitor for crashes or error logs when opening EMF files, or use forensic tools to analyze EMF files for abnormal record sizes or offsets related to EMR_STRETCHBLT.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding opening or processing untrusted or suspicious EMF files in Canva Affinity version 3.0.1.3808.
Since the vulnerability requires local access and user interaction, restricting user permissions and limiting access to Canva Affinity can reduce risk.
Additionally, monitor for updates or patches from the vendor addressing this vulnerability and apply them as soon as they become available.