An out-of-bounds read vulnerability exists in the Enhanced Metafile (EMF) functionality of Canva Affinity. Attackers can craft a malicious EMF file to trigger the read beyond allowed boundaries, potentially exposing sensitive information. The core weakness is a buffer over-read (CWE-125), which may allow an adversary to read memory content that the application should not access. The impact is primarily confidentiality compromise, producing possible disclosure of arbitrary memory contents. The vulnerability does not directly lead to code execution or denial of service, but any sensitive data revealed could assist in further attacks. Based on the description, it is inferred that the vulnerability is exploitable via a user-supplied EMF file, possibly through file import or opening actions.

Vulnerable systems include Canva Affinity running on Windows. Specific affected product is Canva Affinity. Detailed version information is not provided in the CNA data, so any installation of Canva Affinity that includes the EMF module may be at risk unless otherwise noted by the vendor. The exact scope of affected releases remains unclear.

The CVSS score of 6.1 indicates a moderate severity. EPSS indicates a very low likelihood of exploitation (<1%). The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector involves a malicious EMF file supplied to the target user. Exploitation requires opening or processing the file within the application, so user interaction or privilege is needed. Once exploited, the attacker can read memory data that should be inaccessible. No evidence suggests the attacker can obtain higher privileges or execute arbitrary code from the advent of the read. The risk is therefore limited to data exposure but can be significant if the exposed data is highly confidential.