Description
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Published: 2026-03-17
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential Information Disclosure via Out-of-Bounds Read
Action: Apply Patch
AI Analysis

Impact

An out-of-bounds read vulnerability (CWE-125) exists in the EMF (Enhanced Metafile) handling code of Canva Affinity. The flaw allows a specially crafted EMF file to cause the application to read beyond allocated memory boundaries, potentially exposing sensitive data stored in memory. The vulnerability does not grant execution of code or denial of service; it primarily facilitates data disclosure.

Affected Systems

The vulnerable product is Canva Affinity for Windows, identified by the CPE string cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*. Specific version ranges are not provided, implying that any installation of Affinity with the affected EMF functionality on Windows could be susceptible.

Risk and Exploitability

The CVSS score of 6.1 indicates a medium severity level, while the EPSS score of less than 1% suggests a low likelihood of real-world exploitation. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, the attack vector is most likely the delivery of a malicious EMF file to the target system: the attacker must get the file opened or processed by Affinity, which could occur through social engineering or through legitimate import mechanisms. The impact is limited to potential information disclosure rather than code execution or a system crash.

Generated by OpenCVE AI on March 19, 2026 at 13:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Canva’s official website or support portal for a patch or update to Affinity that addresses the EMF out-of-bounds read issue.
  • Apply any available vendor patch as soon as possible.
  • Avoid opening or processing untrusted EMF files from unknown sources.
  • Configure application or OS-level file type restrictions to block automatic processing of EMF files from external locations.

Generated by OpenCVE AI on March 19, 2026 at 13:52 UTC.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read in Canva Affinity EMF Functionality

Thu, 19 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*

Wed, 18 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:canva:affinity:-:*:*:*:*:windows:*:*

Wed, 18 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Mar 2026 21:30:00 +0000


Tue, 17 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Canva; Canva affinity
CPEs cpe:2.3:a:canva:affinity:-:*:*:*:*:windows:*:*
Vendors & Products Canva; Canva affinity

Tue, 17 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2026-03-18T17:00:24.752Z

Reserved: 2025-12-10T16:23:12.230Z

Link: CVE-2025-62403

Vulnrichment

Updated: 2026-03-17T20:11:24.202Z

NVD

Status : Analyzed

Published: 2026-03-17T19:15:58.257

Modified: 2026-03-19T12:23:42.530

Link: CVE-2025-62403

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:55:02Z

Weaknesses