Canva Affinity Out-of-Bounds Read Vulnerability in EMF Processing
Vulnerability
An out-of-bounds read vulnerability has been identified in Canva Affinity version 3.0.1.3808. The issue is in the application's EMF (Enhanced Metafile Format) functionality and can be triggered by a specially crafted EMF file. The flaw may lead to the unauthorized disclosure of sensitive information by allowing access to arbitrary memory within the process.
Impact
Triggering the vulnerability crashes the application with an access violation caused by the out-of-bounds read. This type of memory access error can be exploited to read sensitive information from process memory, potentially leading to information leakage or further exploitation.
Reproduction
The vulnerability can be reproduced by opening a specially crafted EMF file in Canva Affinity. In the crafted file, the offBmi field of an EMR_CREATEDIBPATTERNBRUSHPT record is set to a value that exceeds the recordSize, which causes the application to read beyond the allocated memory bounds.
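The bounds check whose absence the paragraph above describes, as an added example (not Affinity's code, and not from the original advisory). The field offsets follow the public MS-EMF layout of this record; the function names, the return codes and the sample values in `main` are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define EMR_CREATEDIBPATTERNBRUSHPT 0x5Eu /* record type 94 */
#define FIXED_HDR 32u /* Type, Size, ihBrush, Usage, offBmi, cbBmi, offBits, cbBits */

static uint32_t rd32(const uint8_t *p) {            /* EMF fields are little-endian */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* 1 if [off, off+cb) lies inside the record and does not overlap the fixed header. */
static int span_ok(uint32_t off, uint32_t cb, uint32_t rec_size) {
    if (off > rec_size || cb > rec_size - off) return 0; /* subtraction form cannot wrap */
    return cb == 0 || off >= FIXED_HDR;
}

/* 0 if the record's offsets are safe to follow, negative reason code otherwise. */
int check_dib_brush_record(const uint8_t *buf, size_t avail) {
    if (avail < FIXED_HDR) return -1;                         /* truncated header */
    if (rd32(buf) != EMR_CREATEDIBPATTERNBRUSHPT) return -2;  /* not this record type */
    uint32_t size = rd32(buf + 4);
    if (size < FIXED_HDR || size % 4 || size > avail) return -3; /* Size vs. bytes present */
    uint32_t cb_bmi = rd32(buf + 20);
    if (cb_bmi == 0 || !span_ok(rd32(buf + 16), cb_bmi, size)) return -4; /* offBmi/cbBmi */
    if (!span_ok(rd32(buf + 24), rd32(buf + 28), size)) return -5;        /* offBits/cbBits */
    return 0;
}

/* Writes a constructed record header into out (>= 32 bytes, zero-filled by caller). */
void make_record(uint8_t *out, uint32_t size, uint32_t off_bmi, uint32_t cb_bmi,
                 uint32_t off_bits, uint32_t cb_bits) {
    wr32(out, EMR_CREATEDIBPATTERNBRUSHPT); wr32(out + 4, size);
    wr32(out + 16, off_bmi);  wr32(out + 20, cb_bmi);
    wr32(out + 24, off_bits); wr32(out + 28, cb_bits);
}

int main(void) {
    uint8_t rec[88] = {0};
    make_record(rec, 88, 32, 40, 72, 16);       /* offsets inside the record */
    printf("well-formed: %d\n", check_dib_brush_record(rec, sizeof rec));
    make_record(rec, 88, 0x1000, 40, 72, 16);   /* offBmi larger than Size */
    printf("offBmi > Size: %d\n", check_dib_brush_record(rec, sizeof rec));
    return 0;
}
```

The same check applies to offBits/cbBits, and the record's Size field is itself validated against the bytes actually present before any offset is trusted.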
Remediation
Users are advised to upgrade to the latest version of Canva Affinity available from the Affinity website.
