diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index d367ffbcda..3df911d7fb 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -168,6 +168,7 @@ void Jp2Image::readMetadata() {
           throw Error(ErrorCode::kerCorruptedMetadata);
         }
         boxFileTypeFound = true;
+        Internal::enforce(box.length >= boxHSize, ErrorCode::kerCorruptedMetadata);
         std::vector<byte> boxData(box.length - boxHSize);
         io_->readOrThrow(boxData.data(), boxData.size(), ErrorCode::kerCorruptedMetadata);
         if (!Internal::isValidBoxFileType(boxData))