{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"High"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https:/www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"xmpcore security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for xmpcore is now available for openEuler-22.03-LTS-SP4",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"The XMP Library for Java is based on the C++ XMPCore library and the API is similar.\n\nSecurity Fix(es):\n\nXMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.(CVE-2016-4216)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for xmpcore is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"High",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"xmpcore",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2026-1369",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1369"
			},
			{
				"summary":"CVE-2016-4216",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2016-4216&packageName=xmpcore"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4216"
			},
			{
				"summary":"openEuler-SA-2026-1369 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1369.json"
			}
		],
		"title":"An update for xmpcore is now available for openEuler-22.03-LTS-SP4",
		"tracking":{
			"initial_release_date":"2026-02-14T15:28:35+08:00",
			"revision_history":[
				{
					"date":"2026-02-14T15:28:35+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2026-02-14T15:28:35+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2026-02-14T15:28:35+08:00",
			"id":"openEuler-SA-2026-1369",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"openEuler-22.03-LTS-SP4",
									"name":"openEuler-22.03-LTS-SP4"
								},
								"name":"openEuler-22.03-LTS-SP4",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"noarch",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"xmpcore-6.1.10-1.oe2203sp4.noarch.rpm",
									"name":"xmpcore-6.1.10-1.oe2203sp4.noarch.rpm"
								},
								"name":"xmpcore-6.1.10-1.oe2203sp4.noarch.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"xmpcore-javadoc-6.1.10-1.oe2203sp4.noarch.rpm",
									"name":"xmpcore-javadoc-6.1.10-1.oe2203sp4.noarch.rpm"
								},
								"name":"xmpcore-javadoc-6.1.10-1.oe2203sp4.noarch.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"xmpcore-6.1.10-1.oe2203sp4.src.rpm",
									"name":"xmpcore-6.1.10-1.oe2203sp4.src.rpm"
								},
								"name":"xmpcore-6.1.10-1.oe2203sp4.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
				"product_reference":"xmpcore-6.1.10-1.oe2203sp4.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP4:xmpcore-6.1.10-1.oe2203sp4.noarch",
					"name":"xmpcore-6.1.10-1.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
				"product_reference":"xmpcore-javadoc-6.1.10-1.oe2203sp4.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP4:xmpcore-javadoc-6.1.10-1.oe2203sp4.noarch",
					"name":"xmpcore-javadoc-6.1.10-1.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
				"product_reference":"xmpcore-6.1.10-1.oe2203sp4.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP4:xmpcore-6.1.10-1.oe2203sp4.src",
					"name":"xmpcore-6.1.10-1.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2016-4216",
			"notes":[
				{
					"text":"XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-22.03-LTS-SP4:xmpcore-6.1.10-1.oe2203sp4.noarch",
					"openEuler-22.03-LTS-SP4:xmpcore-javadoc-6.1.10-1.oe2203sp4.noarch",
					"openEuler-22.03-LTS-SP4:xmpcore-6.1.10-1.oe2203sp4.src"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-22.03-LTS-SP4:xmpcore-6.1.10-1.oe2203sp4.noarch",
						"openEuler-22.03-LTS-SP4:xmpcore-javadoc-6.1.10-1.oe2203sp4.noarch",
						"openEuler-22.03-LTS-SP4:xmpcore-6.1.10-1.oe2203sp4.src"
					],
					"details":"xmpcore security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1369"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"HIGH",
						"baseScore":7.5,
						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
						"version":"3.1"
					},
					"products":[
						"openEuler-22.03-LTS-SP4:xmpcore-6.1.10-1.oe2203sp4.noarch",
						"openEuler-22.03-LTS-SP4:xmpcore-javadoc-6.1.10-1.oe2203sp4.noarch",
						"openEuler-22.03-LTS-SP4:xmpcore-6.1.10-1.oe2203sp4.src"
					]
				}
			],
			"threats":[
				{
					"details":"High",
					"category":"impact"
				}
			],
			"title":"CVE-2016-4216"
		}
	]
}