Cyber Resilience

CVE-2020-37239

Critical · Public PoC

Published: 16 May 2026
Modified: 18 May 2026
KEV Added:
Patch:
CVSS v4 score: 9.3 (vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0046 (36.6th percentile)
Risk priority: 70 (floored blend · peak EPSS)

Summary

CVE-2020-37239 is a critical-severity Double Free (CWE-415) vulnerability in Gegl (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, it is ranked at the 36.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_free() twice on the same pointer without triggering detection, as libc's malloc metadata overwrites babl's signature field upon freeing, enabling potential memory corruption and code execution.

CWE(s)

CWE-415 (Double Free)

Related Threats

CVEs Like This One

CVE-2026-31506 (shared CWE-415)
CVE-2026-31609 (shared CWE-415)
CVE-2022-49391 (shared CWE-415)
CVE-2022-49686 (shared CWE-415)
CVE-2023-52930 (shared CWE-415)
CVE-2026-31507 (shared CWE-415)
CVE-2026-23162 (shared CWE-415)
CVE-2025-21183 (shared CWE-415)
CVE-2022-49290 (shared CWE-415)
CVE-2025-32988 (shared CWE-415)

Affected Assets

Gegl
Inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References