Canva Affinity Out-of-Bounds Read Vulnerability in EMF Processing
Vulnerability
An out-of-bounds read vulnerability has been identified in Canva Affinity version 3.0.1.3808. The issue is in the application's EMF (Enhanced Metafile Format) functionality, which improperly processes certain EMF file records. An attacker could exploit it by crafting an EMF file that triggers the out-of-bounds read when opened in Canva Affinity. Exploitation could lead to the unauthorized disclosure of sensitive information by allowing access to arbitrary memory within the application process.
Impact
Exploitation of this vulnerability causes an out-of-bounds read, which can crash the application and potentially allow sensitive information to be extracted from memory.
Reproduction
The vulnerability can be reproduced by creating an EMF file that takes advantage of the improper validation in the 'EMR_STRETCHBLT' record. When the crafted file is opened in Canva Affinity, the application processes the EMF data and triggers the out-of-bounds read. A debugger can be used to confirm the access violation that occurs when the application tries to read memory outside of its allocated bounds.
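An added example, not code from Canva or from this advisory: a structural check a file-handling pipeline could apply to an EMR_STRETCHBLT record before it reaches a renderer, using the record layout from Microsoft's MS-EMF specification. The advisory does not say which field is mishandled, so checking the bitmap offset and size fields is an assumption, and the function names and the sample record are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define EMR_STRETCHBLT   0x4Du  /* record type, per MS-EMF */
#define STRETCHBLT_FIXED 108u   /* size of the fixed fields, per MS-EMF */

/* Little-endian 32-bit read/write with no alignment assumptions. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* True when [off, off+len) sits inside the record after the fixed fields.
   off + len is never computed, so a huge value cannot wrap past the check. */
static int span_ok(uint32_t off, uint32_t len, uint32_t rec_size) {
    if (len == 0) return 1;  /* record carries no source bitmap */
    return off >= STRETCHBLT_FIXED && off <= rec_size && len <= rec_size - off;
}

/* 0 if the record is structurally sound, else a negative code for the failed
   check. avail is the number of bytes remaining in the file at rec. */
int check_stretchblt(const uint8_t *rec, size_t avail) {
    if (avail < 8) return -1;                       /* truncated header */
    uint32_t type = rd32(rec), size = rd32(rec + 4);
    if (type != EMR_STRETCHBLT) return -2;
    if (size < STRETCHBLT_FIXED || size % 4 || size > avail) return -3;
    if (!span_ok(rd32(rec + 84), rd32(rec + 88), size)) return -4; /* offBmiSrc, cbBmiSrc */
    if (!span_ok(rd32(rec + 92), rd32(rec + 96), size)) return -5; /* offBitsSrc, cbBitsSrc */
    return 0;
}

/* Constructed sample, not taken from any real file: a zeroed 256-byte buffer
   holding one record with the given Size and bitmap fields. */
int check_sample(uint32_t size, uint32_t off_bmi, uint32_t cb_bmi,
                 uint32_t off_bits, uint32_t cb_bits) {
    uint8_t buf[256] = {0};
    wr32(buf, EMR_STRETCHBLT); wr32(buf + 4, size);
    wr32(buf + 84, off_bmi);   wr32(buf + 88, cb_bmi);
    wr32(buf + 92, off_bits);  wr32(buf + 96, cb_bits);
    return check_stretchblt(buf, sizeof buf);
}

int main(void) { return check_sample(148, 108, 40, 0, 0) != 0; }
```

Requiring offsets to start at or after the fixed fields is a deliberately strict choice; a record that fails any check should be rejected rather than repaired.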
Remediation
Users are advised to upgrade to the latest version of Canva Affinity available from the Affinity website.
