Description
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Published: 2026-03-17
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Disclosure
Action: Patch Now
AI Analysis

Impact

An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) functionality of Canva Affinity. A specially crafted EMF file can trigger the flaw, enabling an attacker to read memory beyond the intended bounds. This weakness corresponds to CWE-125, which allows the disclosure of potentially sensitive information from the process memory. If exploited, an attacker could gain access to confidential data held by the application or the underlying operating system.

Affected Systems

The affected system is Canva Affinity on Windows platforms. Specific version details are not disclosed in the provided information, so all installations of Affinity that still rely on the legacy EMF processing code are potentially vulnerable. The vulnerability is listed under the cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:* which indicates Windows as the target OS.

Risk and Exploitability

CVSS score 6.1 indicates a medium severity impact. The EPSS score of <1% suggests a low probability of exploitation in the wild. The vulnerability is not included in the CISA KEV list. The likely attack vector requires an attacker to supply a malicious EMF file that the victim opens, thus the exploit is most effective when users download or otherwise receive a manipulated file. No public exploit code has been disclosed, but the flaw can be leveraged by attackers familiar with EMF file structure.

Generated by OpenCVE AI on March 19, 2026 at 13:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch or update for Affinity that addresses the EMF handling weakness.
  • If an update is not available, disable EMF import functionality or configure the application to reject .emf files.
  • Restrict file types that can be opened by Affinity to only approved file extensions.
  • Verify the integrity of any .emf files before opening, using signature checks or whitelisting.
  • Monitor system logs for anomalous memory access or crashes associated with EMF processing.
  • Keep the entire system and anti‑virus signatures up to date.

Generated by OpenCVE AI on March 19, 2026 at 13:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read in Canva Affinity EMF Functionality Leading to Sensitive Data Disclosure

Thu, 19 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*

Wed, 18 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:canva:affinity:-:*:*:*:*:windows:*:*

Wed, 18 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 17 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
References

Tue, 17 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Canva
Canva affinity
CPEs cpe:2.3:a:canva:affinity:-:*:*:*:*:windows:*:*
Vendors & Products Canva
Canva affinity

Tue, 17 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L'}

Subscriptions

Canva Affinity
cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2026-03-18T17:00:20.022Z

Reserved: 2025-12-10T12:57:44.820Z

Link: CVE-2025-47873

cve-icon Vulnrichment

Updated: 2026-03-17T20:11:19.949Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-17T19:15:57.540

Modified: 2026-03-19T12:21:56.440

Link: CVE-2025-47873

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:54:58Z

Weaknesses