CVE-2016-4216

CWE-611 — XML External Entity (XXE)9 documents6 sources

Severity

7.5HIGH

EPSS

0.7%

top 28.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe XMP Toolkit

Timeline

PublishedJul 13

Latest updateOct 19

Description

XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Mavencom.adobe.xmp:xmpcore< 5.1.3

▶Ubuntulibxmpcore-java< 5.1.3-1+3

▶NVDadobe/xmp_toolkit5.1.2

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

OSV

Moderate severity vulnerability that affects com.adobe.xmp:xmpcore↗2018-10-19

▶

GHSA

Moderate severity vulnerability that affects com.adobe.xmp:xmpcore↗2018-10-19

▶

OSV

CVE-2016-4216: XMPCore in Adobe XMP Toolkit for Java before 5↗2016-07-13

▶

CVEList

CVE-2016-4216: XMPCore in Adobe XMP Toolkit for Java before 5↗2016-07-13

▶

📋Vendor Advisories

Red Hat

xmpcore: XXE resulting in information disclosure↗2016-07-12

▶

💬Community

Bugzilla

CVE-2016-4216 xmpcore: XXE resulting in information disclosure [fedora-all]↗2017-12-11

▶

Bugzilla

CVE-2016-4216 xmpcore: XXE resulting in information disclosure↗2017-12-11

▶

Bugzilla

CVE-2016-4216 xmpcore: XXE resulting in information disclosure [epel-7]↗2017-12-11

▶