Mandriva Linux Security Advisory – The DS_VideoDecoder_Open function in DirectShow/DS_VideoDecoder.c in xine-lib does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/55073/MDKSA-2007-062.txt
Source: https://packetstormsecurity.com/files/55073/Mandriva-Linux-Security-Advisory-2007.062.html