CVE-2024-47834: 
NixOS vulnerability analysis and mitigation

GStreamer, a library for constructing graphs of media-handling components, was found to contain a Use-After-Free (UAF) read vulnerability (CVE-2024-47834) affecting the processing of CodecPrivate elements in Matroska streams. The vulnerability was discovered by Antonio Morales from the GitHub Security Lab and was disclosed on December 11, 2024. The issue affects GStreamer versions prior to 1.24.10 (GitHub Security Lab, GStreamer Advisory).

The vulnerability occurs in three stages within the Matroska demuxer: First, in the GSTMATROSKAIDCODECPRIVATE case within the gstmatroskademuxparsestream function, a data chunk is allocated using gstebmlreadbinary. Second, the allocated memory is freed in the gstmatroskatrackfree function through gfree (track->codecpriv). Finally, the freed memory is accessed in the gstvalueserializebuffer function, resulting in a UAF read vulnerability when the function attempts to process already freed memory (GitHub Security Lab).

The vulnerability can lead to an out-of-bounds read and memory leak. While the vulnerability does not directly result in a crash during normal operation, it can be detected when running the program with AddressSanitizer (ASAN) enabled. The issue allows a malicious third party to potentially trigger a crash of the application (GitHub Security Lab, GStreamer Advisory).

The vulnerability has been fixed in GStreamer version 1.24.10. Users of older versions are advised to update to this version or apply and recompile with the provided patch. The fix involves putting a copy of the codec data into the AMS/ACM caps, as the original codec data buffer is owned by matroskademux and doesn't necessarily live as long as the caps (GStreamer Advisory, [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/mergerequests/8057.patch)).