CVE-2025-66342

Published: Mar 17, 2026 Last Modified: Mar 17, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,8

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.

843

Access of Resource Using Incompatible Type ('Type Confusion')

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality

Potential Impacts:

Read Memory Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart

Applicable Platforms

Languages: C, C++

View CWE Details

https://www.talosintelligence.com/vulnerability_reports/TAL…

https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2297

https://talosintelligence.com/vulnerability_reports/TALOS-2…

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2297

https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-666…

https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62

CVE-2025-66342

Description

Access of Resource Using Incompatible Type ('Type Confusion')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter