CVE-2020-37040
PUBLISHED
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe.
Risk Scores
EPSS Score: 0.01% (0.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:25.10 | codeblocks | 0, 25.03+dfsg-2, * |
| Ubuntu:20.04:LTS | codeblocks | 16.01+dfsg-2.1, 17.12+dfsg-1, 20.03-3 |
| Ubuntu:18.04:LTS | codeblocks | 0, * |
| Ubuntu:24.04:LTS | codeblocks | 20.03+svn13046-0.3build1, 0, 20.03+svn13046-0.2 |
| Ubuntu:16.04:LTS | codeblocks | 0, 13.12+dfsg-4, 13.12-3.1build1 |
| Ubuntu:22.04:LTS | codeblocks | 0, 20.03-3.1, 20.03-3 |
Exploit Intelligence
Timeline
- Jan 30, 2026 CVE Published
- Jan 31, 2026 EPSS Score
- Feb 2, 2026 EPSS Score
- Feb 5, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
- Feb 10, 2026 EPSS Score
- Feb 12, 2026 EPSS Score
- Feb 14, 2026 EPSS Score
- Feb 17, 2026 EPSS Score
- Feb 19, 2026 EPSS Score
- Feb 22, 2026 EPSS Score
- Feb 24, 2026 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-37040 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-37040 third-party-advisory
- https://www.exploit-db.com/exploits/48594 third-party-advisory
- http://www.codeblocks.org/ third-party-advisory
- https://sourceforge.net/projects/codeblocks third-party-advisory
- https://www.vulncheck.com/advisories/code-blocks-file-name-local-buffer-overflow third-party-advisory