1 files changed, 8 insertions, 2 deletions

diff --git a/src/gui/image/qppmhandler.cpp b/src/gui/image/qppmhandler.cpp
index 1863c58ff0..6f6469042b 100644
--- a/src/gui/image/qppmhandler.cpp
+++ b/src/gui/image/qppmhandler.cpp
@@ -68,13 +68,19 @@ static int read_pbm_int(QIODevice *d)
     char c;
     int          val = -1;
     bool  digit;
+    bool hasOverflow = false;
     for (;;) {
         if (!d->getChar(&c))                // end of file
             break;
         digit = isdigit((uchar) c);
         if (val != -1) {
             if (digit) {
-                val = 10*val + c - '0';
+                const int cValue = c - '0';
+                if (val <= (INT_MAX - cValue) / 10) {
+                    val = 10*val + cValue;
+                } else {
+                    hasOverflow = true;
+                }
                 continue;
             } else {
                 if (c == '#')                        // comment
@@ -91,7 +97,7 @@ static int read_pbm_int(QIODevice *d)
         else
             break;
     }
-    return val;
+    return hasOverflow ? -1 : val;
 }
 
 static bool read_pbm_header(QIODevice *device, char& type, int& w, int& h, int& mcc)