CVE-2020-37239 CRITICAL

CVE-2020-37239: libbabl 0.1.62 Broken Double Free Detection Memory Safety

Vendor Gegl
Product libbabl
Weakness CWE-415
Published May 16, 2026
Last update May 18, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

Description

libbabl 0.1.62 contains a double-free detection mechanism that can be bypassed by exploiting signature overwriting in freed chunks. When a chunk is freed, libc's malloc metadata overwrites the signature field that babl uses to recognise already-freed memory, so an attacker can call babl_free() twice on the same pointer without triggering detection, enabling potential memory corruption and code execution.

Key dates

Disclosure timeline

May 16, 2026 CVE published
May 18, 2026 Record updated