Canva Affinity Out-of-Bounds Read Vulnerability in EMF Functionality
Vulnerability
An out-of-bounds read vulnerability has been identified in the EMF processing of Canva Affinity version 3.0.1.3808. The 'offDescription' field in the EMF header is not properly validated, so the application can read memory beyond the allocated buffer. Exploitation of this vulnerability could lead to the unauthorized disclosure of sensitive information.
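The kind of bounds check whose absence is described above, as an added example (not Canva's code and not part of the original advisory). Field offsets follow the public MS-EMF layout of the EMR_HEADER record, `nDescription` is the companion length field from that format, and the function name `emf_description` and its return codes are illustrative assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define EMF_HEADER_MIN 88u          /* fixed part of EMR_HEADER per MS-EMF */
#define EMF_SIGNATURE  0x464D4520u  /* " EMF" stored little-endian */

/* Read a little-endian 32-bit value; the caller has already bounds-checked. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: returns 0 when the description range is safe to read,
   a negative code otherwise. On success *desc points at the UTF-16LE string
   (NULL if the file has none) and *chars is its length in characters. */
int emf_description(const uint8_t *buf, size_t len,
                    const uint8_t **desc, uint32_t *chars) {
    if (buf == NULL || len < EMF_HEADER_MIN) return -1;   /* truncated file */
    if (rd32(buf) != 1u || rd32(buf + 40) != EMF_SIGNATURE) return -2;

    uint32_t size = rd32(buf + 4);   /* Size of the header record */
    uint32_t n    = rd32(buf + 60);  /* nDescription, in UTF-16 characters */
    uint32_t off  = rd32(buf + 64);  /* offDescription, from record start */

    /* The header record must fit in the file and be 4-byte aligned. */
    if (size < EMF_HEADER_MIN || size > len || (size & 3u)) return -3;

    *desc = NULL;
    *chars = 0;
    if (n == 0 && off == 0) return 0;                     /* no description */

    /* 64-bit arithmetic so off + n*2 cannot wrap around 32 bits. */
    uint64_t end = (uint64_t)off + (uint64_t)n * 2u;
    if (off < EMF_HEADER_MIN || end > size) return -4;    /* out of bounds */

    *desc = buf + off;
    *chars = n;
    return 0;
}
```

The offset and length are both taken from the file, so the check bounds their sum against the header record's own declared size, which is in turn bounded by the number of bytes actually read.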
Impact
Exploitation of this vulnerability allows for arbitrary memory reading within the Canva Affinity process, potentially disclosing sensitive information.
Reproduction
The vulnerability can be reproduced by creating a specially crafted EMF file that exploits the unvalidated 'offDescription' field in the EMF header. When this file is opened in Canva Affinity, the application reads beyond the allocated memory, resulting in an out-of-bounds read. This can be observed with debugging tools that monitor memory access: the access violation shows the application crashing on a read from an invalid memory location.
Remediation
Users are advised to upgrade to the latest version of Canva Affinity available from the Affinity website.
