Index: openjpeg-1.5.1/libopenjpeg/jp2.c
===================================================================
--- openjpeg-1.5.1.orig/libopenjpeg/jp2.c	2013-01-01 01:01:01.000000000 +0000
+++ openjpeg-1.5.1/libopenjpeg/jp2.c	2013-01-01 01:01:01.000000000 +0000
@@ -861,6 +861,13 @@ static opj_bool jp2_read_ftyp(opj_jp2_t
 	jp2->numcl = (box.length - 16) / 4;
 	jp2->cl = (unsigned int *) opj_malloc(jp2->numcl * sizeof(unsigned int));
 
+	if (cio_numbytesleft(cio) < ((int)jp2->numcl * 4)) {
+		opj_event_msg(cinfo, EVT_ERROR, "Not enough bytes in FTYP Box "
+				"(expected %d, but only %d left)\n",
+				((int)jp2->numcl * 4), cio_numbytesleft(cio));
+		return false;
+	}
+
 	for (i = 0; i < (int)jp2->numcl; i++) {
 		jp2->cl[i] = cio_read(cio, 4);	/* CLi */
 	}