CVE-2026-6045 Heap buffer overflow in EMF+ gradient brush import

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

EUVD-2026-36736

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

CVE-2026-6045 Heap buffer overflow in EMF+ gradient brush import

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

PT-2026-49264

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

Unity Linux 20.1070e Security Update: libEMF (UTSA-2026-016698)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016698 advisory. libEMF aka ECMA-234 Metafile Library through 1.0.11 allows a use-after-free. Tenable has extracted the preceding description block directly from the Unity Linux...

Unity Linux 20.1070e Security Update: libEMF (UTSA-2026-016701)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016701 advisory. libEMF aka ECMA-234 Metafile Library through 1.0.11 allows denial of service issue 1 of 2. Tenable has extracted the preceding description block directly from the...

Unity Linux 20.1070e Security Update: libEMF (UTSA-2026-016697)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016697 advisory. ScaleViewPortExtEx in libemf.cpp in libEMF aka ECMA-234 Metafile Library 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. Tenable has...

CVE-2025-58427

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-64776

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-64733

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-64735

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-66617

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-66000

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-66503

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-62500

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-64301

An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution...

CVE-2025-66342

A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15855)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15858)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to disclose sensitive information when using specially crafted EMF files...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15859)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...