An update for xmpcore is now available for openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1319 Final 1.0 1.0 2026-02-06 Initial 2026-02-06 2026-02-06 openEuler SA Tool V1.0 2026-02-06 xmpcore security update An update for xmpcore is now available for openEuler-24.03-LTS-SP1 The XMP Library for Java is based on the C++ XMPCore library and the API is similar. Security Fix(es): XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.(CVE-2016-4216) An update for xmpcore is now available for openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High xmpcore https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1319 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2016-4216 https://nvd.nist.gov/vuln/detail/CVE-2016-4216 openEuler-24.03-LTS-SP1 xmpcore-6.1.10-1.oe2403sp1.noarch.rpm xmpcore-javadoc-6.1.10-1.oe2403sp1.noarch.rpm xmpcore-6.1.10-1.oe2403sp1.src.rpm XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2026-02-06 CVE-2016-4216 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N xmpcore security update 2026-02-06 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1319