19 matches found
CVE-2025-64301
Summary of CVE-2025-64301 (Canva Affinity EMF vulnerability): Talos reports a local‑privilege context vulnerability in Canva Affinity’s EMF file handling that enables an out‑of‑bounds write, potentially allowing arbitrary code execution within affected Canva Affinity processes. The vulnerability i...
CVE-2025-64735
CVE-2025-64735 affects Canva Affinity. Talos reports an out-of-bounds read in EMF processing (EMR_STRETCHBLT) where offBmiSrc is not validated, leading to a read of memory outside the mapped bitmap when a crafted EMF is opened. Affected product/version per Talos: Canva Affinity 3.0.1.3808. The vu...
CVE-2025-64776
Summary: CVE-2025-64776 is a Canva Affinity EMF handling vulnerability. A specially crafted EMF file can trigger an out-of-bounds read via the EMF processing path, potentially exposing memory contents. Affected product/version: Canva Affinity 3.0.1.3808 (Affinity suite). Root cause (as described)...
CVE-2026-22882
CVE-2026-22882: Affects Canva Affinity; an out-of-bounds read in EMF file processing (EMR_POLYPOLYLINE) can disclose memory contents. Talos reports affected version: Canva Affinity 3.0.1.3808; exploitation via crafted EMF. Vendor has released a patch; update to the patched build per Canva securi...
CVE-2025-62403
Canva Affinity CVE-2025-62403 is an EMF parsing vulnerability in the EMF file handling (EMR_EXTTEXTOUTA) that may trigger an out-of-bounds read. Talos reports that the fault is due to an offDx offset using intercharacter spacing past the recordSize, enabling an attacker to read arbitrary memory w...
CVE-2025-64733
CVE-2025-64733 affects Canva Affinity; the EMF processing code is vulnerable to an out-of-bounds read via a crafted EMF file. Talos documents Canva Affinity 3.0.1.3808 as vulnerable and describes the EMR_CREATEDIBPATTERNBRUSHPT parsing path that can access memory outside the DIB header when offBm...
CVE-2025-66342
CVE-2025-66342 is a type-confusion vulnerability in Canva Affinity’s EMF processing. Talos reports vulnerable version Canva Affinity 3.0.1.3808 with memory corruption that can lead to arbitrary code execution via a specially crafted EMF file. The CVSSv3.1 base score is 7.8 (HIGH) with LOCAL/USER ...
CVE-2025-66042
CVE-2025-66042 affects Canva Affinity. Talos details reveal an out-of-bounds read in the EMF processing path of Canva Affinity, triggered by specially crafted EMF files. Affected product/version example: Canva Affinity 3.0.1.3808. The vulnerability arises during EMR_EXTSELECTCLIPRGN region handli...
CVE-2026-20726
CVE-2026-20726 affects Canva Affinity: Talos confirms an EMF processing vulnerability (EMF POLYBEZIERTO16) causing an out-of-bounds read that can disclose memory contents. Canva Affinity 3.0.1.3808 is listed as vulnerable; exploitation details are documented in TALOS-2025-2324/TALOS blog TALOSBLO...
CVE-2025-47873
CVE-2025-47873 is a vulnerability in Canva Affinity’s EMF processing. Cisco Talos and Red Hat/NVD references confirm an out-of-bounds read in the EMF functionality when parsing EMR_POLYBEZIER16 records, triggered by specially crafted EMF files. Talos details indicate the vulnerability affects Can...
CVE-2025-61952
CVE-2025-61952 is an out-of-bounds read vulnerability in Canva Affinity’s EMF processing. Talos reports that the issue affects Canva Affinity’s EMF handling (EMR_POLYBEZIER records) and can be triggered by a specially crafted EMF file, leading to memory reads from the process and potential disclo...
CVE-2025-61979
Canva Affinity (EMF functionality) has an out-of-bounds read vulnerability tracked as CVE-2025-61979. Talos documents indicate it affects Canva Affinity 3.0.1.3808 and arises from processing EMF headers (EMR_HEADER) in EMF files, where an offDescription field can be misused to trigger an out-of-bo...
CVE-2025-65119
Summary (verified): CVE-2025-65119 affects Canva Affinity. Talos reports an out-of-bounds read in the EMF processing of Canva Affinity’s EMF files, caused by the EMR_POLYGON record where a large Count leads to an out-of-bounds read when iterating aPoints. Affected version identified by Talos: Can...
CVE-2025-66503
Canva Affinity CVE-2025-66503 is an out-of-bounds read vulnerability in the EMF handling code. Talos documents describe it as an EMF file processing issue (EMR_POLYBEZIERTO) that can read memory outside the intended bounds, potentially causing disclosure of sensitive information. Affected product...
CVE-2025-66617
CVE-2025-66617 affects Canva Affinity (EMF handling). Talos reports an out-of-bounds read in EMF processing via EMR_POLYPOLYLINE16, with Canva Affinity 3.0.1.3808 identified as vulnerable. The vulnerability arises when parsing EMF records where Count/Polylines cause a reader to access beyond the ...
CVE-2025-66633
Technical details about CVE-2025-66633 are not provided in the supplied documents. No product, affected components, or impact are disclosed. Monitor for updates from the reserving organization and future public disclosure.
CVE-2025-58427
CVE-2025-58427 affects Canva Affinity’s EMF processing. Talos reports an out-of-bounds read in the EMF handling within the EMR_EXTTEXTOUTW record, triggered by specially crafted EMF files. The vulnerability stems from reading an intercharacter spacing array using an offset (offDx) that can exce...
CVE-2025-62500
The CVE-2025-62500 entry describes an out-of-bounds read in Canva Affinity’s EMF processing. Talos reports that Canva Affinity 3.0.1.3808 is vulnerable to specially crafted EMF files triggering an EMR_HEADER/description-based read, which can lead to disclosure of sensitive information. The vulner...
CVE-2025-66000
CVE-2025-66000 affects Canva Affinity (EMF handling). Talos reports an out-of-bounds read in EMF processing, specifically targeting EMR_POLYDRAW in Canva Affinity 3.0.1.3808, by processing a crafted EMF file, enabling an attacker to read arbitrary process memory and potentially disclose sensitive...