diff --git a/src/pngimage.cpp b/src/pngimage.cpp
index 3407371a..b527901e 100644
--- a/src/pngimage.cpp
+++ b/src/pngimage.cpp
@@ -118,6 +118,7 @@ namespace Exiv2 {
 }
 clearMetadata();
+ const long imgSize = io_->size();
 DataBuf cheaderBuf(8); // Chunk header size : 4 bytes (data size) + 4 bytes (chunk type).
 while(!io_->eof())
@@ -134,7 +135,8 @@ namespace Exiv2 {
 // Decode chunk data length.
 uint32_t dataOffset = Exiv2::getULong(cheaderBuf.pData_, Exiv2::bigEndian);
- if (dataOffset > 0x7FFFFFFF) throw Exiv2::Error(14);
+ long pos = io_->tell();
+ if (pos == -1 || static_cast(dataOffset) > imgSize - pos) throw Exiv2::Error(14);
 // Perform a chunk triage for item that we need.
diff --git a/test/bugfixes-test.sh b/test/bugfixes-test.sh
index 56cb285f..c5fad4f3 100755
--- a/test/bugfixes-test.sh
+++ b/test/bugfixes-test.sh
@@ -248,6 +248,13 @@ else
 printf "($num skipped) " >&3
 fi
+num=841
+filename=exiv2-bug$num.png
+printf "$num " >&3
+echo '------>' Bug $num '<-------' >&2
+cp -f ../data/$filename $filename
+$bin/exiv2 $filename
+
 ) 3>&1 > $results 2>&1
 printf "\n"
diff --git a/test/data/bugfixes-test.out b/test/data/bugfixes-test.out
index c78ecaf9..29dbe328 100644
Binary files a/test/data/bugfixes-test.out and b/test/data/bugfixes-test.out differ
diff --git a/test/data/exiv2-bug841.png b/test/data/exiv2-bug841.png
new file mode 100644
index 00000000..0c09c657
Binary files /dev/null and b/test/data/exiv2-bug841.png differ
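Review bot: The new guard in the second pngimage.cpp hunk casts dataOffset to `long` before comparing, so on targets where `long` is 32 bits (LLP64 Windows builds, 32-bit builds) a declared length of 0x80000000 or above becomes negative, `static_cast<long>(dataOffset) > imgSize - pos` is false, and the oversized length passes — exactly the case the removed `dataOffset > 0x7FFFFFFF` check used to reject. Keep that check ahead of the cast, `if (pos == -1 || dataOffset > 0x7FFFFFFF || static_cast<long>(dataOffset) > imgSize - pos) throw Exiv2::Error(14);`, or compare both operands in an unsigned type wide enough for either. The bound also covers only the chunk payload, not the 4-byte CRC that follows it, so a payload ending exactly at end-of-file presumably has to be caught by the subsequent read failing; a comment stating that would save the next reader from re-deriving it. In this rendering the cast appears as `static_cast(dataOffset)`, which looks like the template argument was stripped by the page rather than missing in the commit. The enclosing function begins and ends outside both hunks.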
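Review bot: The new test block in bugfixes-test.sh gives no indication of what bug 841 exercises or what outcome is expected, and the reference output lives in bugfixes-test.out, which this commit shows only as a binary diff, so a reader of the script cannot tell a regression from an intentional output change. A one-line comment above `num=841` would fix that, e.g. `# Bug 841: PNG chunk length larger than the remaining file must be rejected, not read past EOF`. The block otherwise follows the pattern of the surrounding cases, including the unquoted `$filename` and `$bin` expansions, which is consistent with the rest of the file.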