{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"HIGH" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.", "category":"general", "title":"Synopsis" } ], "publisher":null, "references":[ { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4216" }, { "summary":"CVE-2016-4216 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/cve/2016/csaf-openeuler-cve-2016-4216.json" }, { "summary":"openEuler-SA-2026-1370", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1370" }, { "summary":"CVE-2016-4216", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2016-4216&packageName=xmpcore" } ], "title":"openEuler cve CVE-2016-4216", "tracking":{ "initial_release_date":"2026-02-14T15:38:03+08:00", "revision_history":[ { "date":"2026-02-14T15:38:03+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-02-14T15:38:03+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-02-14T15:38:03+08:00", "id":"CVE-2016-4216", "version":"1.0.0", "status":"interim" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"xmpcore-6.1.10-1.oe2403.noarch.rpm", "name":"xmpcore-6.1.10-1.oe2403.noarch.rpm" }, "name":"xmpcore-6.1.10-1.oe2403.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"xmpcore-javadoc-6.1.10-1.oe2403.noarch.rpm", "name":"xmpcore-javadoc-6.1.10-1.oe2403.noarch.rpm" }, "name":"xmpcore-javadoc-6.1.10-1.oe2403.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"xmpcore-6.1.10-1.oe2403.src.rpm", "name":"xmpcore-6.1.10-1.oe2403.src.rpm" }, "name":"xmpcore-6.1.10-1.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"xmpcore-6.1.10-1.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:xmpcore-6.1.10-1.oe2403.noarch", "name":"xmpcore-6.1.10-1.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"xmpcore-javadoc-6.1.10-1.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:xmpcore-javadoc-6.1.10-1.oe2403.noarch", "name":"xmpcore-javadoc-6.1.10-1.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"xmpcore-6.1.10-1.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:xmpcore-6.1.10-1.oe2403.src", "name":"xmpcore-6.1.10-1.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2016-4216", "notes":[ { "text":"XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:xmpcore-6.1.10-1.oe2403.noarch", "openEuler-24.03-LTS:xmpcore-javadoc-6.1.10-1.oe2403.noarch", "openEuler-24.03-LTS:xmpcore-6.1.10-1.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:xmpcore-6.1.10-1.oe2403.noarch", "openEuler-24.03-LTS:xmpcore-javadoc-6.1.10-1.oe2403.noarch", "openEuler-24.03-LTS:xmpcore-6.1.10-1.oe2403.src" ], "details":"xmpcore security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1370" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:xmpcore-6.1.10-1.oe2403.noarch", "openEuler-24.03-LTS:xmpcore-javadoc-6.1.10-1.oe2403.noarch", "openEuler-24.03-LTS:xmpcore-6.1.10-1.oe2403.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2016-4216" } ] }