diff --git a/src/jp2image_int.cpp b/src/jp2image_int.cpp
index 9d67bc6c..c4a35638 100644
--- a/src/jp2image_int.cpp
+++ b/src/jp2image_int.cpp
@@ -11,7 +11,7 @@ namespace Exiv2::Internal {
 
 bool isValidBoxFileType(const std::vector<uint8_t>& boxData) {
   // BR & MinV are obligatory (4 + 4 bytes). Afterwards we have N compatibility lists (of size 4)
-  if ((boxData.size() - 8u) % 4u != 0) {
+  if (boxData.size() < 8 || ((boxData.size() - 8u) % 4u) != 0) {
     return false;
   }
 
diff --git a/test/data/issue_2178_poc.jp2 b/test/data/issue_2178_poc.jp2
new file mode 100644
index 00000000..364deecd
Binary files /dev/null and b/test/data/issue_2178_poc.jp2 differ
diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py
index b47f876e..1e593caf 100644
--- a/tests/regression_tests/test_regression_allfiles.py
+++ b/tests/regression_tests/test_regression_allfiles.py
@@ -89,6 +89,7 @@ def get_valid_files(data_dir):
         "issue_869_poc.png",
         "issue_960.poc.webp",
         "issue_2160_poc.jpg",
+        "issue_2178_poc.jp2",
         "issue_ghsa_583f_w9pm_99r2_poc.jp2",
         "issue_ghsa_7569_phvm_vwc2_poc.jp2",
         "issue_ghsa_mxw9_qx4c_6m8v_poc.jp2",
diff --git a/unitTests/test_jp2image_int.cpp b/unitTests/test_jp2image_int.cpp
index 6af2bb2a..cd83c19b 100644
--- a/unitTests/test_jp2image_int.cpp
+++ b/unitTests/test_jp2image_int.cpp
@@ -58,6 +58,11 @@ TEST(Jp2_FileTypeBox, withInvalidBoxDataSizeIsInvalid) {
   ASSERT_FALSE(isValidBoxFileType(boxData));
 }
 
+TEST(Jp2_FileTypeBox, withSmallBoxDataSizeIsInvalid) {
+  std::vector<std::uint8_t> boxData(7);  // Minimum size is 8
+  ASSERT_FALSE(isValidBoxFileType(boxData));
+}
+
 TEST(Jp2_FileTypeBox, with2CLs_lastOneWithBrandValue_isValid) {
   std::vector<std::uint8_t> boxData(16);
   // The first 4 bytes correspond to the BR (Brand). It must have the value 'jp2\040'