Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 allows remote attackers to execute arbitrary code via a crafted set of JPEG files and filenames.