Canva Affinity Out-of-Bounds Read Vulnerability in EMF Processing
Vulnerability
A vulnerability allowing out-of-bounds read has been identified in Canva Affinity version 3.0.1.3808. This issue arises in the application's EMF (Enhanced Metafile Format) functionality, where a specially crafted EMF file can be used to exploit the vulnerability. The out-of-bounds read could lead to the disclosure of sensitive information by allowing arbitrary memory to be read within the process.
Impact
Exploitation of this vulnerability causes a crash due to an access violation, indicating that the out-of-bounds read has occurred. This behavior suggests that the vulnerability could be exploited to read arbitrary memory, potentially leading to the disclosure of sensitive information.
Reproduction
The vulnerability can be reproduced by opening a specially crafted EMF file in Canva Affinity. The file must be designed to exploit the EMR_POLYGON record by manipulating the Count field to indicate a larger number of points than the record size can accommodate. This causes the application to read beyond the allocated memory, leading to a crash and an access violation error.
Remediation
Users are advised to upgrade to the latest version of Canva Affinity available from the Affinity website.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.