From 72c264f151e9c0e676fe79752a601fd976d304b3 Mon Sep 17 00:00:00 2001
From: netliomax25-code <netliomax25@gmail.com>
Date: Fri, 29 May 2026 12:05:05 +0530
Subject: [PATCH] enforce minimum FileTypeBox length in Jp2Image::readMetadata

---
 src/jp2image.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index d367ffbcda..3df911d7fb 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -168,6 +168,7 @@ void Jp2Image::readMetadata() {
           throw Error(ErrorCode::kerCorruptedMetadata);
         }
         boxFileTypeFound = true;
+        Internal::enforce(box.length >= boxHSize, ErrorCode::kerCorruptedMetadata);
         std::vector<byte> boxData(box.length - boxHSize);
         io_->readOrThrow(boxData.data(), boxData.size(), ErrorCode::kerCorruptedMetadata);
         if (!Internal::isValidBoxFileType(boxData))