Home / Security updates / Various vulnerabilities in the EMF functionality of Affinity
Various vulnerabilities in the EMF functionality of Affinity
Security updates detail rendered from /security-updates/upd_c6dd259ab36bc3d3.
Overview
| ID | upd_c6dd259ab36bc3d3 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Canva |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_c6dd259ab36bc3d3 |
| providerId | safebase |
| organizationId | org_fff8cc1b477b85f7 |
| trustCenterId | tc_8342c8033d0df9de |
| title | Various vulnerabilities in the EMF functionality of Affinity |
| message | # Security Bulletin **Published Date:** 17 March 2026 ## Vulnerabilities ### CVE-2025-66342 - **Description:** A type confusion vulnerability exists in the EMF functionality of Affinity. A specially crafted EMF file can trigger this vulnerability, leading to memory corruption. - **Severity:** High - **CVSS:** 7.8 - `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` - **Affected Products and Versions:** Affinity Desktop for Windows before 3.1.0 (March 26) ### CVE-2025-64301 - **Description:** An out-of-bounds write vulnerability exists in the EMF functionality of Affinity. By using a specially crafted EMF file, a threat actor could exploit this vulnerability to perform an out-of-bounds write, leading to memory corruption. - **Severity:** High - **CVSS:** 7.8 - `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` - **Affected Products and Versions:** Affinity Desktop for Windows before 3.1.0 (March 26) ### CVE-2025-62500 - **Description:** An out-of-bounds read vulnerability exists in the EMF |
| url | - |
| publishedAt | 2026-03-17 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_fff8cc1b477b85f7",
"name": "Canva",
"domains": [
"trust.canva.com",
"canva.com"
]
} |
| trust_center | {
"id": "tc_8342c8033d0df9de",
"name": "Canva",
"url": "https://trust.canva.com",
"host": "trust.canva.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_c6dd259ab36bc3d3",
"company": "/v1/companies/org_fff8cc1b477b85f7",
"trust_center": "/v1/trust-centers/tc_8342c8033d0df9de",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_c6dd259ab36bc3d3JSON