Canva Affinity Out-of-Bounds Read Vulnerability in EMF Processing

Vulnerability

An out-of-bounds read vulnerability has been identified in Canva Affinity version 3.0.1.3808. The issue is in the application's EMF (Enhanced Metafile Format) functionality and can be triggered by a specially crafted EMF file. The flaw allows arbitrary memory within the process to be read, potentially disclosing sensitive information.

Impact

Exploitation of this vulnerability leads to an out-of-bounds read condition, causing access violations and allowing arbitrary memory to be read. This could result in the unintended disclosure of sensitive information.

Reproduction

The vulnerability can be reproduced by opening a specially crafted EMF file in Canva Affinity. The file contains an EMR_STRETCHBLT record whose offBmiSrc field is set to an arbitrarily large value, which is then read as a pointer to the source bitmap header. As a result, the application accesses an unallocated memory region, triggering the out-of-bounds read.
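The bounds check that the condition above calls for, written as a triage scanner for EMF files before they reach a parser. This is an added example, not Canva's code or part of the original advisory. Field offsets follow the public MS-EMF layout of EMR_STRETCHBLT; the function names are hypothetical and the sample bytes are constructed fixtures.

```python
import struct

EMR_STRETCHBLT = 0x4D   # record type from MS-EMF
FIXED_LEN = 108         # size of the fixed part of EMR_STRETCHBLT
OFF_BMI = 84            # offBmiSrc, then cbBmiSrc, offBitsSrc, cbBitsSrc

def check_stretchblt(rec):
    """Return reasons this EMR_STRETCHBLT record is unsafe to hand to a parser."""
    if len(rec) < FIXED_LEN:
        return ["record shorter than the fixed EMR_STRETCHBLT part"]
    off_bmi, cb_bmi, off_bits, cb_bits = struct.unpack_from("<4I", rec, OFF_BMI)
    problems = []
    for name, off, cb in (("Bmi", off_bmi, cb_bmi), ("Bits", off_bits, cb_bits)):
        if off == 0 and cb == 0:
            continue  # no source bitmap attached
        # Offsets are relative to the record start and must stay inside it.
        if off < FIXED_LEN or off > len(rec) or cb > len(rec) - off:
            problems.append(f"off{name}Src={off:#x} cb{name}Src={cb:#x} "
                            f"outside {len(rec)}-byte record")
    return problems

def scan_emf(data):
    """Walk the record stream; return (file offset, reason) findings."""
    findings, pos = [], 0
    while pos + 8 <= len(data):
        rtype, size = struct.unpack_from("<II", data, pos)
        if size < 8 or size % 4 or pos + size > len(data):
            findings.append((pos, f"bad record size {size:#x}"))
            break
        if rtype == EMR_STRETCHBLT:
            findings += [(pos, p) for p in check_stretchblt(data[pos:pos + size])]
        pos += size
    return findings

# Constructed fixtures: zeroed placeholder header, one STRETCHBLT record, EMR_EOF.
def _sample(off_bmi):
    rec = bytearray(FIXED_LEN + 40)  # fixed part + 40-byte BITMAPINFOHEADER
    struct.pack_into("<II", rec, 0, EMR_STRETCHBLT, len(rec))
    struct.pack_into("<4I", rec, OFF_BMI, off_bmi, 40, 0, 0)
    header = struct.pack("<II", 1, 88) + bytes(80)
    return header + bytes(rec) + struct.pack("<5I", 14, 20, 0, 0, 20)

SAMPLE_OK = _sample(FIXED_LEN)
SAMPLE_BAD = _sample(0x7FFFFFF0)

if __name__ == "__main__":
    for label, blob in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, scan_emf(blob))
```

The same check covers offBitsSrc and cbBitsSrc, which share the record-relative addressing of offBmiSrc.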

Remediation

Users are advised to upgrade to the latest version of Canva Affinity available from the Affinity website.

Added: Mar 17, 2026, 7:33 PM
Updated: Mar 17, 2026, 7:33 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.6
remediation: 0.0
relevance: 4.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.