UBUNTU-CVE-2016-4216

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2016-4216

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-4216.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-4216

Upstream

CVE-2016-4216

Published

2016-07-13T02:00:00Z

Modified

2026-01-20T16:46:04.685603Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

Affected packages

Ubuntu:16.04:LTS

libxmpcore-java

Package

Name: libxmpcore-java
Purl: pkg:deb/ubuntu/libxmpcore-java@5.1.2-3?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.1.2-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.1.2-3",
            "binary_name": "libxmpcore-java"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-4216.json"

Ubuntu:18.04:LTS

libxmpcore-java

Package

Name: libxmpcore-java
Purl: pkg:deb/ubuntu/libxmpcore-java@5.1.2-3?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.1.2-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.1.2-3",
            "binary_name": "libxmpcore-java"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-4216.json"

Ubuntu:20.04:LTS

libxmpcore-java

Package

Name: libxmpcore-java
Purl: pkg:deb/ubuntu/libxmpcore-java@5.1.3-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.3-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.1.3-1",
            "binary_name": "libxmpcore-java"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-4216.json"

Ubuntu:22.04:LTS

libxmpcore-java

Package

Name: libxmpcore-java
Purl: pkg:deb/ubuntu/libxmpcore-java@5.1.3-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.3-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.1.3-1",
            "binary_name": "libxmpcore-java"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-4216.json"

Ubuntu:24.04:LTS

libxmpcore-java

Package

Name: libxmpcore-java
Purl: pkg:deb/ubuntu/libxmpcore-java@5.1.3-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.3-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.1.3-1",
            "binary_name": "libxmpcore-java"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-4216.json"

Ubuntu:25.10

libxmpcore-java

Package

Name: libxmpcore-java
Purl: pkg:deb/ubuntu/libxmpcore-java@5.1.3-1?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.3-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.1.3-1",
            "binary_name": "libxmpcore-java"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-4216.json"