[GHSA-5qr3-hm6r-fwx9] In MIFF image processing in ImageMagick before 7.1.1-44,...

[kbsteere]

Updates

• Affected products
• Description
• References
• Summary

Comments
Updating to enrichment information for legacy version 6.x.x-xx which this issue was also addressed in.

[kbsteere]

The affected section was set to require for some reason. I've been unable to revert it.

[kbsteere]

Suggested change

	"affected": [
	{
	"package": {
	"ecosystem": "Packagist",
	"name": ""
	},
	"ranges": [
	{
	"type": "ECOSYSTEM",
	"events": [
	{
	"introduced": "0"
	}
	]
	}
	]
	}
	],
	"affected": [],

[JonathanLEvans]

Hi @kbsteere, thank you for your contribution. GitHub only reviews advisories in one of the supported ecosystems. Could you provide a link to where you found ImageMagick in one of the ecosystems?

[kbsteere]

I didn't find it in that ecosystem. I used the gui to create this change and it wouldn't let me continue without adding an ecosystem. Don't know if it's a bug or some restriction for this GHSA. I created the suggested code change above because it should be an empty array since C/C++ is not a supported ecosystem.

[JonathanLEvans]

I am closing this request because it is out of scope. However, MITRE assigned the CVE ID so they can update the CVE record. You can contact MITRE through their webform at https://cveform.mitre.org/.