diff --git a/src/lib/OpenEXRCore/parse_header.c b/src/lib/OpenEXRCore/parse_header.c
index c90c0c38e..576aa9fc6 100644
--- a/src/lib/OpenEXRCore/parse_header.c
+++ b/src/lib/OpenEXRCore/parse_header.c
@@ -607,7 +607,8 @@ extract_attr_string_vector (
 
         pulled += sizeof (int32_t);
         nlen = (int32_t) one_to_native32 ((uint32_t) nlen);
-        if (nlen < 0 || (ctxt->file_size > 0 && nlen > ctxt->file_size))
+        if (nlen < 0 || nlen > (attrsz - pulled) ||
+            (ctxt->file_size > 0 && nlen > ctxt->file_size))
         {
             rv = ctxt->print_error (
                 ctxt,