diff --git a/data/test/bad/367-PoC.jp2 b/data/test/bad/367-PoC.jp2
new file mode 100644
index 00000000..96e73789
Binary files /dev/null and b/data/test/bad/367-PoC.jp2 differ
diff --git a/src/libjasper/base/jas_icc.c b/src/libjasper/base/jas_icc.c
index f3ffcefe..eb25929d 100644
--- a/src/libjasper/base/jas_icc.c
+++ b/src/libjasper/base/jas_icc.c
@@ -1324,12 +1324,22 @@ static int jas_icctxt_input(jas_iccattrval_t *attrval, jas_stream_t *in,
 {
 jas_icctxt_t *txt = &attrval->data.txt;
 txt->string = 0;
+ /* The string must at least contain a single null character. */
+ if (cnt < 1) {
+ goto error;
+ }
 if (!(txt->string = jas_malloc(cnt))) {
 goto error;
 }
 if (jas_stream_read(in, txt->string, cnt) != cnt) {
 goto error;
 }
+ /* Ensure that the string is null terminated. */
+ if (txt->string[cnt - 1] != '\0') {
+ goto error;
+ }
+ /* The following line is redundant, unless we do not enforce that the last character must be null. */
 txt->string[cnt - 1] = '\0';
 if (strlen(txt->string) + 1 != cnt) {
 goto error;
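Review bot: Once the new `if (txt->string[cnt - 1] != '\0') goto error;` check is in place, the context line `txt->string[cnt - 1] = '\0';` can never change the buffer, and the added two-line comment above it only says so in a hedged way; either drop the assignment or replace the comment with a plain statement of the invariant, e.g. `/* Guaranteed by the check above; kept only as a defensive no-op. */`. Otherwise the hunk reads correctly: the `cnt < 1` guard makes the `cnt - 1` index valid, the terminator check bounds the following `strlen()`, and the `strlen(txt->string) + 1 != cnt` comparison still rejects embedded NULs. Whether `cnt < 1` also rejects negative values depends on cnt's type, which is declared outside the hunk; if it is signed the guard covers negatives as well, if unsigned it only catches zero, which is still sufficient here. jas_icctxt_input's signature is cut by the hunk header and its error label lies past the end of the hunk, so the cleanup of the allocated string on the new failure paths could not be confirmed from here.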