Canva Affinity Out-of-Bounds Write Vulnerability in EMF Processing
Vulnerability
An out-of-bounds write vulnerability has been identified in Canva Affinity version 3.0.1.3808. The issue lies in the application's Enhanced Metafile (EMF) handling, where a specially crafted EMF file can trigger it through the 'EMR_CREATEDIBPATTERNBRUSHPT' record. The vulnerability could lead to memory corruption and potentially allow arbitrary code execution.
Impact
Exploitation of this vulnerability causes a memory corruption error, which can be leveraged to execute arbitrary code within the application.
Reproduction
The vulnerability can be reproduced by opening a specially crafted EMF file in Canva Affinity. The file must be designed to exploit the 'EMR_CREATEDIBPATTERNBRUSHPT' record by manipulating the 'HeaderSize' value to exceed the expected size, causing an out-of-bounds write during the metafile processing.
Remediation
Users are advised to upgrade to the latest version of Canva Affinity available from the Affinity website.
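The inconsistency described under Reproduction can be caught before a file reaches a vulnerable parser. The following is an added example, not Canva's code and not the vendor's fix: it applies the record layout published in MS-EMF, and the function names, return codes and header-size allow-list are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define EMR_CREATEDIBPATTERNBRUSHPT 0x5Eu /* record type per MS-EMF */
#define FIXED_LEN 32u /* Type, Size, ihBrush, Usage, offBmi, cbBmi, offBits, cbBits */

static uint32_t rd32(const uint8_t *p) { /* little-endian, alignment-safe */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
/* True when [off, off+len) sits inside the record, past the fixed fields. */
static int in_record(uint32_t off, uint32_t len, uint32_t size) {
    return off >= FIXED_LEN && off <= size && len <= size - off;
}

/* 0 = consistent; negative = which check failed. avail = bytes left in the file. */
int check_dib_brush_record(const uint8_t *buf, size_t avail) {
    if (avail < FIXED_LEN) return -1;
    if (rd32(buf) != EMR_CREATEDIBPATTERNBRUSHPT) return -2;
    uint32_t size = rd32(buf + 4);
    if (size < FIXED_LEN || size % 4 || size > avail) return -3;
    uint32_t off_bmi = rd32(buf + 16), cb_bmi = rd32(buf + 20);
    uint32_t off_bits = rd32(buf + 24), cb_bits = rd32(buf + 28);
    if (cb_bmi < 4 || !in_record(off_bmi, cb_bmi, size)) return -4;
    if (!in_record(off_bits, cb_bits, size)) return -5;
    uint32_t hdr = rd32(buf + off_bmi); /* HeaderSize: first field of the DIB header */
    if (hdr != 12 && hdr != 40 && hdr != 108 && hdr != 124) return -6; /* core/info/V4/V5 */
    if (hdr > cb_bmi) return -7; /* header claims more bytes than the record reserves */
    return 0;
}

/* Constructed sample: 32 fixed bytes, cb_bmi header bytes at offset 32, 4 pixel bytes. */
int check_sample(uint32_t header_size, uint32_t cb_bmi) {
    uint8_t rec[256] = {0};
    uint32_t size = FIXED_LEN + cb_bmi + 4;
    if (size > sizeof rec) return -100;
    wr32(rec, EMR_CREATEDIBPATTERNBRUSHPT); wr32(rec + 4, size); wr32(rec + 8, 1);
    wr32(rec + 16, FIXED_LEN); wr32(rec + 20, cb_bmi);
    wr32(rec + 24, FIXED_LEN + cb_bmi); wr32(rec + 28, 4);
    wr32(rec + FIXED_LEN, header_size);
    return check_dib_brush_record(rec, size);
}

int main(void) {
    printf("well-formed: %d\n", check_sample(40, 40));
    printf("oversized HeaderSize: %d\n", check_sample(0x1000, 40));
    return 0;
}
```

A mail gateway or file-intake service can walk the EMF record stream and run this check on each record of this type, quarantining files that return a non-zero code.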
