Release date: July 12, 2016
Vulnerability identifier: APSB16-24
CVE number: CVE-2016-4216
Adobe has released a security update for the Adobe XMP Toolkit for Java. This update resolves an important vulnerability that could lead to information disclosure (CVE-2016-4216). Adobe recommends users update their product installation using the instructions provided in the “Solution” Section below.
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version by following the instructions below:
|Product||Updated version||Platform||Priority rating||Availability|
|Adobe XMP Toolkit for Java||5.1.3||All||3||Download page|
Adobe XMP toolkit for Java users can download the updated version via the following download page: http://www.adobe.com/devnet/xmp.html. Adobe expects the updated version to be available during the week of July 11, 2016.
This update resolves an issue associated with the parsing of crafted XML external entities in XMPCore that could lead to information disclosure (CVE-2016-4216).