diff --git a/src/libFLAC/metadata_object.c b/src/libFLAC/metadata_object.c
index 05ca6b3..33db80b 100644
--- a/src/libFLAC/metadata_object.c
+++ b/src/libFLAC/metadata_object.c
@@ -1799,6 +1799,9 @@ FLAC_API FLAC__bool FLAC__metadata_object_picture_set_data(FLAC__StreamMetadata
 	FLAC__ASSERT(object->type == FLAC__METADATA_TYPE_PICTURE);
 	FLAC__ASSERT((0 != data && length > 0) || (0 == data && length == 0 && copy == false));
 
+	if(length >= (1u << FLAC__STREAM_METADATA_LENGTH_LEN))
+		return false;
+
 	old = object->data.picture.data;
 
 	/* do the copy first so that if we fail we leave the object untouched */
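Review bot: The guard `if(length >= (1u << FLAC__STREAM_METADATA_LENGTH_LEN))` bounds only the picture payload, but the 24-bit block length it protects also has to hold the MIME type, the description and the fixed-size picture header fields, so a payload just under the limit can still yield a PICTURE block whose total length does not fit in the length field. If the object keeps its current block length the way the rest of libFLAC does, the check should be against the length the object will have after this call, something like `if(object->length - object->data.picture.data_length + length >= (1u << FLAC__STREAM_METADATA_LENGTH_LEN))`, though the lines that recompute `object->length` are outside this hunk so the exact expression needs confirming there. A short why-comment on the check would help readers who do not know the format, e.g. `/* the block length field is FLAC__STREAM_METADATA_LENGTH_LEN bits wide; reject data that cannot be encoded */`. Since this public function previously failed only on allocation, the API documentation in the header should also state that false is returned when the data is too large for a metadata block. The function begins and ends outside this hunk.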
diff --git a/src/share/grabbag/picture.c b/src/share/grabbag/picture.c
index d183f80..cca4b7f 100644
--- a/src/share/grabbag/picture.c
+++ b/src/share/grabbag/picture.c
@@ -273,7 +273,8 @@ static const char *error_messages[] = {
 	"invalid picture type",
 	"unable to guess MIME type from file, user must set explicitly",
 	"type 1 icon must be a 32x32 pixel PNG",
-	"file not found"
+	"file not found", /* currently unused */
+	"file is too large"
 };
 
 static const char * read_file (const char * filepath, FLAC__StreamMetadata * obj)
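Review bot: Appending "file is too large" to a table that callers address by bare position (`error_messages[5]`, `error_messages[11]` in the next hunk) is fragile: the head of the array is outside this hunk, so whether index 11 lands on the new string cannot be checked from the diff, and the `/* currently unused */` entry must now be kept forever purely to hold its slot. A named enum of indices, or a `sizeof(error_messages)/sizeof(error_messages[0])` assertion next to the table, would make the mapping visible and keep future additions safe.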
@@ -286,6 +287,9 @@ static const char * read_file (const char * filepath, FLAC__StreamMetadata * obj
 	if (size < 0)
 		return error_messages[5];
 
+	if (size >= (1u << FLAC__STREAM_METADATA_LENGTH_LEN))
+		return error_messages[11];
+
 	if ((buffer = safe_malloc_(size)) == NULL)
 		return error_messages[0];
 
