CVE-2024-47775: 
NixOS vulnerability analysis and mitigation

GStreamer, a library for constructing graphs of media-handling components, contains an out-of-bounds read vulnerability (CVE-2024-47775) in the parse_ds64 function within gstwavparse.c. The vulnerability was discovered on December 11, 2024, and affects versions prior to 1.24.10. The parse_ds64 function fails to verify that the buffer contains sufficient data before performing multiple GST_READ_UINT32_LE operations without boundary checks (GitHub Advisory, NVD).

The vulnerability occurs in the parse_ds64 function where multiple GST_READ_UINT32_LE operations are performed without proper boundary checks. The function attempts to read from the buffer at various offsets (map.data + 24, map.data + 34, map.data + 44, map.data + 54) without verifying if sufficient data exists. The vulnerability has been assigned a CVSS v3.1 base score of 9.1 (Critical) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H (NVD).

When exploited, this vulnerability allows reading beyond the bounds of the data buffer, which can result in two potential outcomes: a crash leading to denial of service, or the leak of sensitive data from process memory (GitHub Advisory).

The vulnerability has been fixed in GStreamer version 1.24.10. Users are advised to upgrade to this version or later. The fix includes adding proper boundary checks before performing read operations on the buffer (GStreamer Advisory).