diff --git a/src/image.cpp b/src/image.cpp
index 338720fc..818af4e7 100644
--- a/src/image.cpp
+++ b/src/image.cpp
@@ -73,6 +73,7 @@ EXIV2_RCSID("@(#) $Id$")
 #include <cstring>
 #include <cassert>
 #include <iostream>
+#include <limits>
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -459,6 +460,12 @@ namespace Exiv2 {
                             io.seek(restore,BasicIo::beg);
                         }
                     } else if ( option == kpsRecursive && tag == 0x83bb /* IPTCNAA */ ) {
+                        if (offset > std::numeric_limits<uint32_t>::max() - count) {
+                            throw Error(59);
+                        }
+                        if (static_cast<size_t>(offset + count) > io.size()) {
+                            throw Error(58);
+                        }
                         size_t   restore = io.tell();  // save
                         io.seek(offset,BasicIo::beg);  // position
                         byte* bytes=new byte[count] ;  // allocate memory
diff --git a/test/bugfixes-test.sh b/test/bugfixes-test.sh
index 71e3973e..ed47c985 100755
--- a/test/bugfixes-test.sh
+++ b/test/bugfixes-test.sh
@@ -793,6 +793,13 @@ source ./functions.source
     copyTestFile                      $filename
     runTest exiv2                     $filename
 
+    num=g159
+    printf "$num " >&3
+    filename=printStructure
+    echo '------>' Bug $filename '<-------' >&2
+    copyTestFile                      $filename
+    runTest exiv2                     $filename
+
 ) 3>&1 > $results 2>&1
 
 printf "\n"
diff --git a/test/data/bugfixes-test.out b/test/data/bugfixes-test.out
index e11674e2..c770a3fe 100644
Binary files a/test/data/bugfixes-test.out and b/test/data/bugfixes-test.out differ
diff --git a/test/data/printStructure b/test/data/printStructure
new file mode 100644
index 00000000..daebe7a4
Binary files /dev/null and b/test/data/printStructure differ