diff --git a/libavformat/mov.c b/libavformat/mov.c
index b03c44c176eae34ee447086f489ad0e02e3820d2..f5a7bbf06e4d267e849870e69e381e8156930006 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -291,6 +291,8 @@ static int mov_read_esds(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
         len = mp4_read_descr(c, pb, &tag);
         if (tag == MP4DecSpecificDescrTag) {
             dprintf(c->fc, "Specific MPEG4 header len=%d\n", len);
+            if((uint64_t)len > (1<<30))
+                return -1;
             st->codec->extradata = av_mallocz(len + FF_INPUT_BUFFER_PADDING_SIZE);
             if (!st->codec->extradata)
                 return AVERROR(ENOMEM);