Canva Affinity Out-of-Bounds Read Vulnerability in EMF Processing
Vulnerability
An out-of-bounds read vulnerability has been identified in the EMF handling of Canva Affinity version 3.0.1.3808. The issue arises when the application processes specially crafted EMF files, particularly those containing the 'EMR_POLYBEZIERTO' record type, and can lead to unauthorized reading of memory and potential disclosure of sensitive information.
Impact
Exploitation of this vulnerability allows for arbitrary memory reading within the application process, which could result in the leakage of sensitive information.
Reproduction
The vulnerability can be reproduced by opening a specially crafted EMF file in Canva Affinity. The file must include an 'EMR_POLYBEZIERTO' record with a 'Count' value that exceeds the expected size, causing the application to read beyond the allocated memory bounds. This can be done by manipulating the 'aPoints' array to include an excessive number of points, which the application will process without proper validation, leading to an out-of-bounds read.
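The missing validation described above can be expressed as a bounds check that an EMF parser runs before it touches 'aPoints'. The following is an added example, not code from Canva Affinity or from the original advisory. It assumes the record layout from the public MS-EMF specification (Type, Size, Bounds, Count, then 8-byte points); the function names and the sample record are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EMR_POLYBEZIERTO 5u   /* record type value from MS-EMF */
#define POLY_HDR 28u          /* Type(4) + Size(4) + Bounds(16) + Count(4) */
#define POINTL_SIZE 8u        /* one aPoints entry: two 32-bit coordinates */

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32le(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Returns the point count if the record is self-consistent, -1 otherwise.
   avail is the number of bytes left in the file from the record start. */
long check_polybezierto(const uint8_t *rec, size_t avail) {
    if (avail < POLY_HDR) return -1;
    uint32_t type = rd32le(rec), size = rd32le(rec + 4), count = rd32le(rec + 24);
    if (type != EMR_POLYBEZIERTO) return -1;
    /* Size must cover the header, be 4-byte aligned and fit in the file. */
    if (size < POLY_HDR || (size & 3u) || size > avail) return -1;
    /* Divide rather than multiply so Count * 8 cannot wrap around. */
    if (count > (size - POLY_HDR) / POINTL_SIZE) return -1;
    return (long)count;
}

/* Constructed sample: a record whose Size covers exactly 3 points,
   with the Count field set by the caller. */
long check_sample(uint32_t count_field) {
    uint8_t rec[POLY_HDR + 3 * POINTL_SIZE];
    memset(rec, 0, sizeof rec);
    wr32le(rec, EMR_POLYBEZIERTO);
    wr32le(rec + 4, (uint32_t)sizeof rec);
    wr32le(rec + 24, count_field);
    return check_polybezierto(rec, sizeof rec);
}

int main(void) {
    printf("Count=3          -> %ld\n", check_sample(3));            /* accepted */
    printf("Count=4          -> %ld\n", check_sample(4));            /* rejected */
    printf("Count=0x20000003 -> %ld\n", check_sample(0x20000003u));  /* rejected */
    return 0;
}
```

The last case is a Count whose product with 8 wraps to 24 in 32-bit arithmetic, so a check written as a multiplication would accept it; the division form rejects it.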
Remediation
Users are advised to upgrade to the latest version of Canva Affinity available from the Affinity website.
