Mandriva Linux Security Advisory – An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity. The previous update used a bad patch which made Amarok interface very unresponsive while playing FLAC files. This new update fixes the security issue with a better patch.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/63870/MDVSA-2008-046-1.txt
Source: https://packetstormsecurity.com/files/63870/Mandriva-Linux-Security-Advisory-2008-046.html