
Potential security vulnerabilities in the shared libraries which AudioMixer depends on.

Open HelenParr opened this issue 2 years ago • 0 comments

Hi, @Piasy, @eritpchy, I'd like to report a vulnerability issue in com.github.piasy:AudioMixer:1.0.3.

Issue Description

com.github.piasy:AudioMixer:1.0.3 directly or transitively depends on 8 C libraries (.so) across many platforms (such as x86-64, x86, arm64, armhf). However, I noticed that one C library is vulnerable, containing the following CVEs:

libaudio_mixer.so from C project ffmpeg (version: 3.4.2) exposed 8 vulnerabilities: CVE-2018-1999012, CVE-2018-1999010, CVE-2018-1999015, CVE-2018-1999014, CVE-2018-14394, CVE-2018-1999011, CVE-2018-1999013, CVE-2018-15822

Suggested Vulnerability Patch Versions

FFmpeg has fixed the vulnerabilities in versions >=4.4.1

Java build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Java projects. Could you please upgrade the above shared libraries to their patch versions?

Thanks for your help~ Best regards, Helen Parr

HelenParr, Apr 20 '22 11:04
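The gap the issue describes (Java build tooling does not see native code bundled in an artifact) can be narrowed by inventorying the `.so` files inside the AAR/APK/JAR and reading the FFmpeg version banner compiled into them. The following is an added example, not part of the original issue or the AudioMixer project; the archive layout, the `libother.so` name and the byte strings standing in for ELF files are constructed, and relying on the `FFmpeg version ...` banner string is an assumption that fails on builds where the string has been stripped.

```python
import io
import re
import zipfile

# Assumption: the library still carries libavutil's "FFmpeg version <x.y.z>"
# banner; release tags may be prefixed with "n".
FFMPEG_BANNER = re.compile(rb"FFmpeg version n?(\d+(?:\.\d+){1,2})")
MIN_FIXED = (4, 4, 1)  # patched version named in the issue


def parse_version(text):
    """Turn '3.4.2' into (3, 4, 2), padding missing parts with zeros."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def scan_archive(archive):
    """Return one finding per .so in an AAR/APK/JAR (path or file object)."""
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            if not name.endswith(".so"):
                continue
            match = FFMPEG_BANNER.search(zf.read(name))
            version = match.group(1).decode() if match else None
            # None means "no banner found", which is unknown, not clean.
            outdated = parse_version(version) < MIN_FIXED if version else None
            findings.append({"lib": name, "ffmpeg": version, "outdated": outdated})
    return findings


def build_sample_aar():
    """Constructed sample: a fake AAR whose .so files are stand-in byte strings."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("jni/arm64-v8a/libaudio_mixer.so",
                    b"\x7fELF\x00\x00FFmpeg version 3.4.2\x00more")
        zf.writestr("jni/x86/libother.so", b"\x7fELF\x00no banner here")
        zf.writestr("classes.jar", b"not a native library")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for finding in scan_archive(build_sample_aar()):
        print(finding)
```

A library with no banner is reported with `outdated` set to `None`, so it can be routed to manual review instead of being treated as patched.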