diff -urNp a/IlmImf/ImfHuf.cpp b/IlmImf/ImfHuf.cpp
--- a/IlmImf/ImfHuf.cpp	2020-06-02 12:35:17.259513392 +0200
+++ b/IlmImf/ImfHuf.cpp	2020-06-02 12:51:34.629524885 +0200
@@ -1058,6 +1058,11 @@ hufUncompress (const char compressed[],
 
     const char *ptr = compressed + 20;
 
+    if ( ptr + (nBits+7 )/8 > compressed+nCompressed)
+    {
+        throw InputExc("invalid bit count for data size in Huf data");
+    }
+
     AutoArray <Int64, HUF_ENCSIZE> freq;
     AutoArray <HufDec, HUF_DECSIZE> hdec;