Adobe xmpcore is vulnerable to XML external entity (XXE) attacks. The attacks are possible because it does not properly handle the XML data containing an external entity declaration in conjunction with an entity reference, allowing users to read arbitrary files.