Canva Affinity Out-of-Bounds Read Vulnerability in EMF Processing
Vulnerability
An out-of-bounds read vulnerability has been identified in Canva Affinity version 3.0.1.3808. The issue arises in the application's handling of Enhanced Metafile (EMF) files, specifically in the processing of the EMR_BITBLT record. A specially crafted EMF file can exploit the vulnerability to read arbitrary memory, potentially disclosing sensitive information.
Impact
Exploitation of this vulnerability leads to an out-of-bounds read, causing access to unallocated memory and potentially allowing the disclosure of sensitive information.
Reproduction
The vulnerability can be reproduced by opening a specially crafted EMF file in Canva Affinity. The file must be designed to exploit the EMR_BITBLT record by setting the offBmiSrc field to a value that exceeds the recordSize, causing an out-of-bounds read when the source bitmap header is accessed.
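The missing check described above can be expressed as a validator that runs before the source bitmap header is touched. This is an added example, not Affinity's code: the function names are hypothetical, and the field offsets assume the EMR_BITBLT layout in Microsoft's MS-EMF specification (100 bytes of fixed fields, with offBmiSrc at byte 84).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define EMR_BITBLT   0x4Cu  /* record type value, per MS-EMF */
#define BITBLT_FIXED 100u   /* bytes of fixed fields before variable data */
#define OFF_BMI_SRC  84u    /* offBmiSrc, then cbBmiSrc, offBitsSrc, cbBitsSrc */

static uint32_t rd32(const uint8_t *p) {             /* little-endian load */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* off/cb must describe a span inside [BITBLT_FIXED, size]; written so it cannot wrap. */
static int span_ok(uint32_t off, uint32_t cb, uint32_t size) {
    if (cb == 0) return 1;        /* no data declared: caller must not read at off */
    return off >= BITBLT_FIXED && off <= size && cb <= size - off;
}

/* Returns 0 if the record's bitmap fields are safe to follow, negative otherwise. */
int emr_bitblt_check(const uint8_t *rec, size_t avail) {
    if (avail < BITBLT_FIXED) return -1;                  /* truncated input */
    if (rd32(rec) != EMR_BITBLT) return -2;               /* not an EMR_BITBLT record */
    uint32_t size = rd32(rec + 4);
    if (size < BITBLT_FIXED || size > avail) return -3;   /* bad record Size */
    if (!span_ok(rd32(rec + OFF_BMI_SRC), rd32(rec + OFF_BMI_SRC + 4), size))
        return -4;                                        /* bitmap header outside record */
    if (!span_ok(rd32(rec + OFF_BMI_SRC + 8), rd32(rec + OFF_BMI_SRC + 12), size))
        return -5;                                        /* pixel data outside record */
    return 0;
}

static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Constructed sample: 160-byte record with 20 bytes of pixel data at offset 140. */
int check_sample(uint32_t off_bmi, uint32_t cb_bmi) {
    uint8_t rec[160];
    memset(rec, 0, sizeof rec);
    wr32(rec, EMR_BITBLT);
    wr32(rec + 4, (uint32_t)sizeof rec);
    wr32(rec + OFF_BMI_SRC, off_bmi);
    wr32(rec + OFF_BMI_SRC + 4, cb_bmi);
    wr32(rec + OFF_BMI_SRC + 8, 140);
    wr32(rec + OFF_BMI_SRC + 12, 20);
    return emr_bitblt_check(rec, sizeof rec);
}
```

Comparing `cb` against `size - off` only after confirming `off <= size` keeps the arithmetic from wrapping, which a naive `off + cb <= size` test would allow for large 32-bit offsets.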
Remediation
Users are advised to upgrade to the latest version of Canva Affinity available from the Affinity website.
