CVE-2016-4216
Published: 13 July 2016
XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libxmpcore-java Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Needed
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Released
(5.1.3-1)
|
|
| eoan |
Released
(5.1.3-1)
|
|
| focal |
Released
(5.1.3-1)
|
|
| groovy |
Released
(5.1.3-1)
|
|
| hirsute |
Released
(5.1.3-1)
|
|
| impish |
Released
(5.1.3-1)
|
|
| jammy |
Released
(5.1.3-1)
|
|
| kinetic |
Released
(5.1.3-1)
|
|
| lunar |
Released
(5.1.3-1)
|
|
| mantic |
Released
(5.1.3-1)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Released
(5.1.3)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Needed
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Ignored
(end of life)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |