Description
A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.
Published: 2026-03-17
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Assess Impact
AI Analysis

Impact

A type confusion flaw has been identified in the EMF processing routine of Canva Affinity. When the application parses a specially crafted EMF file, the mismatch in expected data types can cause memory corruption, enabling an attacker to execute arbitrary code on the affected system. The vulnerability is rooted in CWE-843, which denotes Data Type Confusion, and the vendor’s description confirms that the result can lead to code execution.

Affected Systems

The affected product is Canva Affinity, running on Windows platforms as indicated by the CPE string. Specific version information is not supplied by the CVE data, so all installations of Canva Affinity may be vulnerable until an update is deployed.

Risk and Exploitability

The CVSS score is 7.8, indicating high severity. The EPSS score is less than 1%, suggesting a low probability of exploitation in the wild, and the vulnerability is not currently listed in CISA’s KEV catalog. Based on the nature of the flaw and the fact that it requires a crafted EMF file, the likely attack vector is local: the attacker would need to deliver or trick the victim into opening the malicious file. If the file is processed remotely by a web component, a remote vector could also be possible, but this is inferred rather than stated in the input.

Generated by OpenCVE AI on March 19, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Canva Affinity for available updates or patches on the vendor’s website.
  • Disable or restrict processing of EMF files if the functionality is not required in your environment.
  • Implement file integrity controls or content-disposition checks to prevent open of untrusted EMF files.
  • Monitor for potential exploitation attempts by inspecting system logs for anomalous code execution patterns.

Generated by OpenCVE AI on March 19, 2026 at 13:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Memory Corruption via Type Confusion in Canva Affinity EMF Processor Leading to Arbitrary Code Execution

Thu, 19 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*

Wed, 18 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:canva:affinity:-:*:*:*:*:windows:*:*

Tue, 17 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
References

Tue, 17 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Canva
Canva affinity
CPEs cpe:2.3:a:canva:affinity:-:*:*:*:*:windows:*:*
Vendors & Products Canva
Canva affinity
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 17 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
Description A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.
Weaknesses CWE-843
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Canva Affinity
cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2026-03-18T17:00:08.764Z

Reserved: 2025-12-05T12:07:22.387Z

Link: CVE-2025-66342

cve-icon Vulnrichment

Updated: 2026-03-17T20:11:34.299Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-17T19:15:59.750

Modified: 2026-03-19T12:11:04.160

Link: CVE-2025-66342

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:54:48Z

Weaknesses