CVE-2008-0830

iPhoto 4.0.3 - Denial of Service via Malformed DPAP URI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0830. PoCs published by David Wharton.

AI-analyzed exploit summary This exploit targets a denial-of-service (DoS) vulnerability in iPhoto 4.0.3's DPAP server by sending malformed HTTP requests with excessive 'A' characters or format specifiers, causing the server to crash. The script attempts to verify the crash by repeatedly connecting to the target.

Description

The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043.

Exploits (1)

exploitdb WORKING POC VERIFIED

by David Wharton · perldosios

https://www.exploit-db.com/exploits/5151

View Code ZIP pw:eip

This exploit targets a denial-of-service (DoS) vulnerability in iPhoto 4.0.3's DPAP server by sending malformed HTTP requests with excessive 'A' characters or format specifiers, causing the server to crash. The script attempts to verify the crash by repeatedly connecting to the target.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: iPhoto 4.0.3

No auth needed

Prerequisites: Network access to the target's DPAP server (default port 8770)

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1019488

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5151

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27867

Scores

EPSS 0.0224

EPSS Percentile 80.6%

Details

CWE

CWE-20

Status published

Products (1)

apple/iphoto 4.0.3

Published Feb 19, 2008

Tracked Since Feb 18, 2026