Canva Affinity EMF File EMR_BITBLT offBmiSrc Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2311 Canva Affinity EMF File EMRBITBLT offBmiSrc Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-64776 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an...

openoffice.org: EMF files parsing EMR_BITBLT record heap overflows

Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an EMF file with a crafted EMRSTRETCHBLT record, which triggers a heap-based buffer overflow...