Adobe Security Bulletin

Release date: July 12, 2016

Vulnerability identifier: APSB16-24

Priority: 3

CVE number: CVE-2016-4216

Platform: All

Adobe has released a security update for the Adobe XMP Toolkit for Java. This update resolves an important vulnerability that could lead to information disclosure (CVE-2016-4216). Adobe recommends users update their product installation using the instructions provided in the “Solution” Section below.

Product	Affected Version	Platform
Adobe XMP Tooklit for Java	5.1.2 and earlier versions	All

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version by following the instructions below:

Product	Updated version	Platform	Priority rating	Availability
Adobe XMP Toolkit for Java	5.1.3	All	3	Download page

Adobe XMP toolkit for Java users can download the updated version via the following download page: http://www.adobe.com/devnet/xmp.html. Adobe expects the updated version to be available during the week of July 11, 2016.

This update resolves an issue associated with the parsing of crafted XML external entities in XMPCore that could lead to information disclosure (CVE-2016-4216).

Adobe would like to thank Tim Allison of the MITRE corporation for reporting this issue (CVE-2016-4216) and for working with Adobe to help protect our customers.

Adobe Security Bulletin

Security update available for Adobe XMP Toolkit for Java

Summary

Affected software versions

Solution

Vulnerability Details

Acknowledgments

Ask the Community

Contact Us