Canva Affinity Out-of-Bounds Read Vulnerability in EMF Processing

Vulnerability

An out-of-bounds read vulnerability has been identified in Canva Affinity version 3.0.1.3808. The issue is in the application's EMF (Enhanced Metafile Format) functionality, where the software fails to properly validate the 'Count' field in the 'EMR_POLYDRAW' record. An attacker can craft a malicious EMF file that, when opened in Affinity, causes the application to read beyond the intended memory boundaries. This could lead to the unintentional disclosure of sensitive information stored in memory.
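The kind of consistency check whose absence the advisory describes, written as an added example (not Affinity's code). It assumes the EMR_POLYDRAW layout from the public MS-EMF specification: Type, Size, a 16-byte Bounds rectangle, Count, then Count 8-byte points and Count type bytes. The function names and the sample record are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define EMR_POLYDRAW    0x38u /* record type value from MS-EMF */
#define POLYDRAW_FIXED  28u   /* Type + Size + Bounds (RECTL) + Count */
#define POLYDRAW_PER_PT 9u    /* one 8-byte POINTL plus one type byte */

/* Read/write little-endian 32-bit values without alignment assumptions. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Returns 1 if the EMR_POLYDRAW record at rec is self-consistent, else 0.
 * avail is the number of bytes left in the file starting at rec. */
int polydraw_record_ok(const uint8_t *rec, size_t avail) {
    if (avail < POLYDRAW_FIXED || rd32(rec) != EMR_POLYDRAW) return 0;
    uint32_t size  = rd32(rec + 4);   /* Size field */
    uint32_t count = rd32(rec + 24);  /* Count field */
    /* Size must cover the fixed part, be 4-byte aligned, and fit the file. */
    if (size < POLYDRAW_FIXED || size % 4 != 0 || size > avail) return 0;
    /* Divide rather than multiply so a huge Count cannot wrap around. */
    if (count > (size - POLYDRAW_FIXED) / POLYDRAW_PER_PT) return 0;
    return 1;
}

/* Constructed sample: zero-filled record carrying only the header fields
 * under test. Returns -1 if avail exceeds the 64-byte scratch buffer. */
int check_constructed(uint32_t size, uint32_t count, size_t avail) {
    uint8_t buf[64] = {0};
    if (avail > sizeof buf) return -1;
    wr32(buf, EMR_POLYDRAW);
    wr32(buf + 4, size);
    wr32(buf + 24, count);
    return polydraw_record_ok(buf, avail);
}

int main(void) {
    /* Count = 2 needs 28 + 18 = 46 bytes, padded to 48: accepted. */
    if (check_constructed(48, 2, 48) != 1) return 1;
    /* Count = 3 would need 55 bytes in a 48-byte record: rejected. */
    return check_constructed(48, 3, 48) != 0;
}
```

The same test can be run over each record of an untrusted EMF file in a mail or upload gateway to reject files whose Count exceeds what the record's Size can hold.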

Impact

Exploitation of this vulnerability allows arbitrary memory within the process to be read, potentially revealing sensitive information.

Reproduction

The vulnerability can be reproduced by creating a specially crafted EMF file that exploits the unvalidated 'Count' field in the 'EMR_POLYDRAW' record. This file can then be opened in Canva Affinity version 3.0.1.3808, where the out-of-bounds read will occur, as demonstrated through debugging with pageheap enabled.

Remediation

Users are advised to upgrade to the latest version of Canva Affinity available from the Affinity website.

Added: Mar 17, 2026, 7:30 PM
Updated: Mar 17, 2026, 7:30 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 4.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.