diff --git a/src/jp2image_int.cpp b/src/jp2image_int.cpp
index 9d67bc6c..c4a35638 100644
--- a/src/jp2image_int.cpp
+++ b/src/jp2image_int.cpp
@@ -11,7 +11,7 @@ namespace Exiv2::Internal {
 
 bool isValidBoxFileType(const std::vector<uint8_t>& boxData) {
   // BR & MinV are obligatory (4 + 4 bytes). Afterwards we have N compatibility lists (of size 4)
-  if ((boxData.size() - 8u) % 4u != 0) {
+  if (boxData.size() < 8 || ((boxData.size() - 8u) % 4u) != 0) {
     return false;
   }
 
diff --git a/unitTests/test_jp2image_int.cpp b/unitTests/test_jp2image_int.cpp
index 6af2bb2a..cd83c19b 100644
--- a/unitTests/test_jp2image_int.cpp
+++ b/unitTests/test_jp2image_int.cpp
@@ -58,6 +58,11 @@ TEST(Jp2_FileTypeBox, withInvalidBoxDataSizeIsInvalid) {
   ASSERT_FALSE(isValidBoxFileType(boxData));
 }
 
+TEST(Jp2_FileTypeBox, withSmallBoxDataSizeIsInvalid) {
+  std::vector<std::uint8_t> boxData(7);  // Minimum size is 8
+  ASSERT_FALSE(isValidBoxFileType(boxData));
+}
+
 TEST(Jp2_FileTypeBox, with2CLs_lastOneWithBrandValue_isValid) {
   std::vector<std::uint8_t> boxData(16);
   // The first 4 bytes correspond to the BR (Brand). It must have the value 'jp2\040'