CVE-2024-47774: 
NixOS vulnerability analysis and mitigation

GStreamer, a library for constructing graphs of media-handling components, was found to contain an out-of-bounds read vulnerability (CVE-2024-47774) in the gstavisubtitleparsegab2chunk function within gstavisubtitle.c. The vulnerability was discovered by Antonio Morales from the GitHub Security Lab team and was fixed in version 1.24.10 ([GitHub Advisory](https://securitylab.github.com/advisories/GHSL-2024-262Gstreamer/), NVD).

The vulnerability occurs when the function reads the namelength value directly from the input file without proper validation. The condition fails to handle cases where namelength is greater than 0xFFFFFFFF - 17, resulting in an integer overflow. This leads to the function attempting to access memory beyond the buffer with GSTREADUINT16LE(map.data + 11 + namelength), causing an out-of-bounds read. The issue has been assigned a CVSS v3.1 base score of 9.1 CRITICAL (NVD).

The vulnerability can result in application crashes leading to denial of service or potentially leak sensitive information through out-of-bounds memory reads (GitHub Advisory).

The vulnerability has been fixed in GStreamer version 1.24.10. Users are advised to upgrade to this version or later. The fix includes proper size checks and overflow prevention in the affected function (GitLab Patch).