CVE-2002-0143

Imlib2 <= 1.0.4 - Buffer Overflow via HOME Environment Variable

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0143. PoCs published by Charles Stevenson.

AI-analyzed exploit summary This exploit targets a buffer overflow in Imlib2 via the $HOME environment variable, allowing local privilege escalation to utmp group privileges. It includes PowerPC shellcode to execute setgid(43) followed by execve("/bin/sh").

Description

Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Charles Stevenson · clocallinux
https://www.exploit-db.com/exploits/21226

This exploit targets a buffer overflow in Imlib2 via the $HOME environment variable, allowing local privilege escalation to utmp group privileges. It includes PowerPC shellcode to execute setgid(43) followed by execve("/bin/sh").

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Imlib2 (via setuid/setgid programs like Eterm)
No auth needed
Prerequisites: Local access · Setuid/setgid binary linked to Imlib2 (e.g., Eterm) · PowerPC architecture
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3868
Vendor Advisory mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/251597
Vendor Advisory mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/250145
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7896.php

Scores

EPSS 0.0080
EPSS Percentile 51.6%

Details

Status published
Products (6)
enlightenment/imlib 2.0.01.0.0
enlightenment/imlib 2.1.0.1
enlightenment/imlib 2.1.0.2
enlightenment/imlib 2.1.0.3
enlightenment/imlib 2.1.0.4
michael_jennings/eterm 0.9.1
Published Mar 25, 2002
Tracked Since Feb 18, 2026