Adobe Security Bulletin

Security update available for Adobe XMP Toolkit for Java

Release date: July 12, 2016

Vulnerability identifier: APSB16-24

Priority: 3

CVE number: CVE-2016-4216

Platform: All

Summary

Adobe has released a security update for the Adobe XMP Toolkit for Java. This update resolves an important vulnerability that could lead to information disclosure (CVE-2016-4216). Adobe recommends users update their product installation using the instructions provided in the “Solution” Section below.

Affected software versions

Product Affected Version Platform
Adobe XMP Tooklit for Java 5.1.2 and earlier versions All

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version by following the instructions below:

Product Updated version Platform Priority rating Availability
Adobe XMP Toolkit for Java 5.1.3 All 3 Download page

Adobe XMP toolkit for Java users can download the updated version via the following download page: http://www.adobe.com/devnet/xmp.html.  Adobe expects the updated version to be available during the week of July 11, 2016. 

Vulnerability Details

This update resolves an issue associated with the parsing of crafted XML external entities in XMPCore that could lead to information disclosure (CVE-2016-4216).

Acknowledgments

Adobe would like to thank Tim Allison of the MITRE corporation for reporting this issue (CVE-2016-4216) and for working with Adobe to help protect our customers.