Description
An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution.
Published: 2026-03-17
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

An out-of-bounds write flaw exists in the EMF handling of Canva Affinity. A maliciously crafted EMF file can trigger the vulnerability, allowing an attacker to corrupt memory and potentially execute arbitrary code. The weakness is classified as CWE-787 (Out-of-bounds Write).

Affected Systems

The vulnerability affects the Canva Affinity product running on Windows. Version information was not provided by the CNA; therefore, all current releases of Canva Affinity on Windows are potentially impacted until an official fix is distributed.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. The EPSS score of less than 1% suggests a low likelihood of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local or user-initiated file processing, because the issue is triggered when the application loads a specially crafted EMF file. Exploitation would therefore require the victim to open or otherwise process such a file, potentially enabling an attacker to run arbitrary code on the affected system.

Generated by OpenCVE AI on March 19, 2026 at 13:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and install the latest Canva Affinity update from the official Canva website.
  • Limit opening or executing EMF files from untrusted sources.
  • Consider processing EMF files in a sandboxed or trusted environment until a patch is available.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in Canva Affinity EMF Processing Leading to Code Execution

Thu, 19 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*

Wed, 18 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:canva:affinity:-:*:*:*:*:windows:*:*

Wed, 18 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 17 Mar 2026 21:30:00 +0000


Tue, 17 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Canva
Canva affinity
CPEs cpe:2.3:a:canva:affinity:-:*:*:*:*:windows:*:*
Vendors & Products Canva
Canva affinity

Tue, 17 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
Description An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution.
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2026-03-18T17:00:12.919Z

Reserved: 2025-12-05T16:28:22.882Z

Link: CVE-2025-64301

Vulnrichment

Updated: 2026-03-17T20:11:26.323Z

NVD

Status: Analyzed

Published: 2026-03-17T19:15:58.587

Modified: 2026-03-19T12:24:39.400

Link: CVE-2025-64301

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:54:52Z

Weaknesses