diff --git a/libavcodec/dstdec.c b/libavcodec/dstdec.c
index 8a1bc6a738..48271b10f7 100644
--- a/libavcodec/dstdec.c
+++ b/libavcodec/dstdec.c
@@ -56,6 +56,7 @@ static const int8_t probs_code_pred_coeff[3][3] = {
 typedef struct ArithCoder {
     unsigned int a;
     unsigned int c;
+    int overread;
 } ArithCoder;
 
 typedef struct Table {
@@ -172,6 +173,7 @@ static void ac_init(ArithCoder *ac, GetBitContext *gb)
 {
     ac->a = 4095;
     ac->c = get_bits(gb, 12);
+    ac->overread = 0;
 }
 
 static av_always_inline void ac_get(ArithCoder *ac, GetBitContext *gb, int p, int *e)
@@ -191,6 +193,8 @@ static av_always_inline void ac_get(ArithCoder *ac, GetBitContext *gb, int p, in
     if (ac->a < 2048) {
         int n = 11 - av_log2(ac->a);
         ac->a <<= n;
+        if (get_bits_left(gb) < n)
+            ac->overread ++;
         ac->c = (ac->c << n) | get_bits(gb, n);
     }
 }
@@ -339,6 +343,9 @@ static int decode_frame(AVCodecContext *avctx, void *data,
                 prob = 128;
             }
 
+            if (ac->overread > 16)
+                return AVERROR_INVALIDDATA;
+
             ac_get(ac, gb, prob, &residual);
             v = ((predict >> 15) ^ residual) & 1;
             dsd[((i >> 3) * channels + ch) << 2] |= v << (7 - (i & 0x7 ));