diff --git a/src/quicktimevideo.cpp b/src/quicktimevideo.cpp
index b3f41373..011b3c29 100644
--- a/src/quicktimevideo.cpp
+++ b/src/quicktimevideo.cpp
@@ -834,6 +834,7 @@ void QuickTimeVideo::userDataDecoder(size_t size_external) {
     }
 
     else if (equalsQTimeTag(buf, "CMbo") || equalsQTimeTag(buf, "Cmbo")) {
+      enforce(tv, Exiv2::ErrorCode::kerCorruptedMetadata);
       io_->readOrThrow(buf.data(), 2);
       buf.data()[2] = '\0';
       tv_internal = find(cameraByteOrderTags, Exiv2::toString(buf.data()));
diff --git a/test/data/issue_2383_poc.mp4 b/test/data/issue_2383_poc.mp4
new file mode 100644
index 00000000..4c7f7bc9
Binary files /dev/null and b/test/data/issue_2383_poc.mp4 differ
diff --git a/tests/bugfixes/github/test_issue_2383.py b/tests/bugfixes/github/test_issue_2383.py
new file mode 100644
index 00000000..f71f5198
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_2383.py
@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, check_no_ASAN_UBSAN_errors
+
+class issue_2383_QuickTimeVideo_userDataDecoder_null_deref(metaclass=CaseMeta):
+    url      = "https://github.com/Exiv2/exiv2/issues/2383"
+    filename = "$data_path/issue_2383_poc.mp4"
+    commands = ["$exiv2 $filename"]
+    retval   = [1]
+    stderr   = ["""$exiv2_exception_message $filename:
+$kerCorruptedMetadata
+"""]
+    stdout   = [""]
diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py
index d4fb53b9..eacca4f8 100644
--- a/tests/regression_tests/test_regression_allfiles.py
+++ b/tests/regression_tests/test_regression_allfiles.py
@@ -63,6 +63,7 @@ def get_valid_files(data_dir):
         "issue_2366_poc.mp4",
         "issue_2376_poc.mp4",
         "issue_2377_poc.mp4",
+        "issue_2383_poc.mp4",
         "2018-01-09-exiv2-crash-001.tiff",
         "cve_2017_1000126_stack-oob-read.webp",
         "exiv2-bug1247.jpg",