--- libwmf-0.2.8.4/src/extra/gd/gd_gd2.c
+++ libwmf-0.2.8.4/src/extra/gd/gd_gd2.c
@@ -145,6 +145,11 @@
 if ((*fmt) == GD2_FMT_COMPRESSED) {
+ if (*ncx <= 0 || *ncy <= 0 || *ncx > INT_MAX / *ncy) {
+ GD2_DBG(printf ("Illegal chunk counts: %d * %d\n", *ncx, *ncy));
+ goto fail1;
+ }
+
 nc = (*ncx) * (*ncy);
 GD2_DBG (printf ("Reading %d chunk index entries\n", nc));
 sidx = sizeof (t_chunk_info) * nc;
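Review bot: The new bound `*ncx > INT_MAX / *ncy` keeps `nc` from wrapping, but the last context line still multiplies it, `sidx = sizeof (t_chunk_info) * nc`, and an `nc` close to INT_MAX can wrap that size if `sidx` is an `int` (its declaration is outside the hunk, so this needs confirming). A wrapped `sidx` would presumably leave the chunk-index buffer smaller than the `nc` entries the code goes on to read from the file header. Folding the element size into the guard closes the gap: `if (*ncx <= 0 || *ncy <= 0 || *ncx > (int) (INT_MAX / sizeof (t_chunk_info)) / *ncy) {`. `INT_MAX` needs `<limits.h>`, whose include is not visible here, and the enclosing function and the `fail1` label both lie outside the hunk.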