Index: src/OFLHAArchiveEntry.m
==================================================================
--- src/OFLHAArchiveEntry.m
+++ src/OFLHAArchiveEntry.m
@@ -356,10 +356,13 @@
 			void *pool = objc_autoreleasePoolPush();
 			uint8_t extendedAreaSize;
 			uint8_t fileNameLength;
 			OFString *tmp;
 
+			if (header[0] < (21 - 2) + 1 + 2)
+				@throw [OFInvalidFormatException exception];
+
 			_modificationDate = [parseMSDOSDate(date) retain];
 
 			fileNameLength = [stream readInt8];
 			tmp = [stream readStringWithLength: fileNameLength
 						  encoding: encoding];
@@ -371,10 +374,14 @@
 
 			extendedAreaSize =
 			    header[0] - (21 - 2) - 1 - fileNameLength - 2;
 
 			if (_headerLevel == 1) {
+				if (extendedAreaSize < 3)
+					@throw [OFInvalidFormatException
+					    exception];
+
 				_operatingSystemIdentifier = [stream readInt8];
 
 				/*
 				 * 1 for the operating system identifier, 2
 				 * because we don't want to skip the size of