CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2020-37239 — libbabl 0.1.62 contains a broken double free detection vulnerability that allows...

·Source: NIST NVD

Updated:

Executive Summary

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_free() twice on the same pointer without triggering detection, as libc's malloc metadata overwrites babl's signature field upon freeing, enabling potential memory corruption and code execution.

Analysis

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_free() twice on the same pointer without triggering detection, as libc's malloc metadata overwrites babl's signature field upon freeing, enabling potential memory corruption and code execution. CVSS Score: 9.8. Published: 2026-05-16T16:16:20.097.

Indicators of Compromise (1)

CVE (1)
CVE-2020-37239
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 16, 2026. Verified by: NIST.

Related Threats

CRITICALVulnerability

Microsoft rejects critical Azure vulnerability report, no CVE issued

A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that "no product changes were made," despite the researcher documenting a silent fix. [...]

BleepingComputer
MEDIUMVulnerability

Another detail emerges about Instructure’s agreement with ShinyHunters; Debate continues about whether to pay

Media outlets have been understandably eager to learn whether Instructure paid ShinyHunters after the latter attacked them for a second time on May 7. Considering that they pledged to be more transparent, DataBreaches doesn’t fully understand why Instructure wasn’t more forthright about the payment issue in its update, unless they were trying to avoid encouraging... Source

DataBreaches.net
CRITICALVulnerability

NVD CRITICAL: CVE-2020-37228 — iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulner...

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts.

CVE-2020-37228
NIST NVD