diff --git a/ChangeLog b/ChangeLog
index afd34e9c9..4cc2e536f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2015-10-10  Werner Lemberg  <wl@gnu.org>
+
+	* src/pcf/pcfread.c (pcf_read_TOC): Check stream size (#46162).
+
 2015-10-09  Werner Lemberg  <wl@gnu.org>
 
 	* src/gzip/ftgzip.c (FT_Stream_OpenGzip): Use real stream size.
diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
index afad27803..6a248cfcc 100644
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -106,6 +106,9 @@ THE SOFTWARE.
          toc->count   == 0                )
       return FT_THROW( Invalid_File_Format );
 
+    if ( stream->size < 16 )
+      return FT_THROW( Invalid_File_Format );
+
     /* we need 16 bytes per TOC entry */
     if ( toc->count > stream->size >> 4 )
     {