diff --git a/ChangeLog b/ChangeLog
index cd4fe58e8..a69a1a493 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2015-09-15 Werner Lemberg
+
+ [type1, type42] Check encoding array size (#45961).
+
+ * src/type1/t1load.c (parse_encoding), src/type42/t42parse.c
+ (t42_parse_encoding): Do it.
+
 2015-09-14 Alexei Podtelezhnikov
 * src/base/ftcalc.c (FT_MulFix) [FT_LONG64]: Improve.
diff --git a/src/type1/t1load.c b/src/type1/t1load.c
index 630f057ec..4d065f88a 100644
--- a/src/type1/t1load.c
+++ b/src/type1/t1load.c
@@ -1192,6 +1192,15 @@
 else
 count = (FT_Int)T1_ToInt( parser );
+ /* only composite fonts (which we don't support) */
+ /* can have larger values */
+ if ( count > 256 )
+ {
+ FT_ERROR(( "parse_encoding: invalid encoding array size\n" ));
+ parser->root.error = FT_THROW( Invalid_File_Format );
+ return;
+ }
+
 T1_Skip_Spaces( parser );
 if ( parser->root.cursor >= limit )
 return;
diff --git a/src/type42/t42parse.c b/src/type42/t42parse.c
index f7d5eb6fa..ae062daab 100644
--- a/src/type42/t42parse.c
+++ b/src/type42/t42parse.c
@@ -332,6 +332,15 @@
 else
 count = (FT_Int)T1_ToInt( parser );
+ /* only composite fonts (which we don't support) */
+ /* can have larger values */
+ if ( count > 256 )
+ {
+ FT_ERROR(( "t42_parse_encoding: invalid encoding array size\n" ));
+ parser->root.error = FT_THROW( Invalid_File_Format );
+ return;
+ }
+
 T1_Skip_Spaces( parser );
 if ( parser->root.cursor >= limit )
 return;
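Review bot: The new bound in parse_encoding rejects only `count > 256`, but `count` is a signed `FT_Int` read from the font file via `T1_ToInt( parser )`, so a negative array size still passes this check; the identical check added to t42_parse_encoding in src/type42/t42parse.c has the same gap. Whether later code rejects a negative count cannot be seen here, since both function bodies start and end outside their hunks, so I would make the guard explicit with `if ( count < 0 || count > 256 )`. The comment would also be clearer if it said where the limit comes from, presumably that the encoding vector is indexed by a one-byte character code, instead of leaving 256 as a bare number.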