Add advisory for stainless_ffmpeg FormatContext stream_index unsoundness

[sisy2020]

Affected crate(s)

• stainless_ffmpeg (634 recent downloads per crates.io)

Links to upstream issue(s) or PR(s)

• Upstream issue: Possible unsound APIs nomalab/stainless-ffmpeg#63
• Fix PR: mark functions with stream_index parameter in FormatContext as unsafe nomalab/stainless-ffmpeg#64
• Fix commit: nomalab/stainless-ffmpeg@a649e8c

Severity

This advisory classifies the issue as informational unsound. Affected versions exposed safe public FormatContext methods that accepted a stream_index parameter and used it in unsafe pointer operations without checking whether the index was valid. Safe callers could pass a negative or out-of-bounds stream_index, which could trigger undefined behavior without using unsafe.

The issue was fixed upstream in 0.6.0 by marking the affected methods as unsafe and documenting the caller's safety requirement.

Checklist

• Advisory filename(s) starts with RUSTSEC-0000-0000 as the ID
• date field is set to the public disclosure date
• Contains a concise and descriptive title after advisory metadata
• Asked maintainer(s) if publishing an advisory is appropriate

[djc]

Waiting for maintainer confirmation.