{"id":"CVE-2020-0570","details":"Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.","modified":"2026-05-08T18:42:34.996666Z","published":"2020-09-14T19:15:10.583Z","related":["ALSA-2020:4690","openSUSE-SU-2024:10975-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*","extracted_events":[{"fixed":"5.9.10"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0"}]}]},"references":[{"type":"ADVISORY","url":"https://lists.qt-project.org/pipermail/development/2020-January/038534.html"},{"type":"FIX","url":"https://bugreports.qt.io/browse/QTBUG-81272"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800604"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"50117d738af526cbfbd5afa50b9a501acb0fb9ce"},{"fixed":"1bf5d3af1a4ec307bb77e1b54bb1f723c3eef481"},{"introduced":"fc9ae22c88dd085c7c31599037132fc756feeb04"},{"fixed":"2a887a517eaaa2c5324aecf3b919899b7a86ff4a"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"5.10.0"},{"fixed":"5.12.7"},{"introduced":"5.13.0"},{"fixed":"5.14.0"}]}}],"database_specific":{"vanir_signatures_modified":"2026-05-08T18:42:34Z","vanir_signatures":[{"id":"CVE-2020-0570-c7889054","target":{"file":"src/corelib/time/qcalendar.cpp","function":"QCalendarBackend::fromEnum"},"signature_version":"v1","signature_type":"Function","deprecated":false,"digest":{"length":891,"function_hash":"71332152841244748522602606891732985491"},"source":"https://github.com/qt/qtbase/commit/2a887a517eaaa2c5324aecf3b919899b7a86ff4a"},{"id":"CVE-2020-0570-e28156da","target":{"file":"src/corelib/time/qcalendar.cpp"},"signature_version":"v1","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["126256747252800817208418696187723556533","150756843560902081956306707431697914063","336797157278032097828194484489526761035","206439151709090235265677738535943131187","114906715666850331827204257559836080037","134665350989241518761002595505043291334","337821674886944546617969196960834263196","274920186207822786761532454224035700681"]},"source":"https://github.com/qt/qtbase/commit/2a887a517eaaa2c5324aecf3b919899b7a86ff4a"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-0570.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}]}