diff --git a/shim.c b/shim.c index 1978ff6..f743e8e 100644 --- a/shim.c +++ b/shim.c @@ -915,6 +915,11 @@ static EFI_STATUS verify_buffer (char *data, int datasize, unsigned int size = datasize; if (context->SecDir->Size != 0) { + if (context->SecDir->Size >= size) { + perror(L"Certificate Database size is too large\n"); + return EFI_INVALID_PARAMETER; + } + cert = ImageAddress (data, size, context->SecDir->VirtualAddress); @@ -923,6 +928,11 @@ static EFI_STATUS verify_buffer (char *data, int datasize, return EFI_INVALID_PARAMETER; } + if (cert->Hdr.dwLength > context->SecDir->Size) { + perror(L"Certificate list size is inconsistent with PE headers"); + return EFI_INVALID_PARAMETER; + } + if (cert->Hdr.wCertificateType != WIN_CERT_TYPE_PKCS_SIGNED_DATA) { perror(L"Unsupported certificate type %x\n",
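Review bot: The new guard `context->SecDir->Size >= size` bounds the directory size on its own, so a certificate table that starts near the end of the image can still extend past it; nothing visible in the hunk checks VirtualAddress and Size together. ImageAddress is not shown here, and if it only confirms that the start offset lies inside the buffer, the later read of `cert->Hdr` can run out of bounds. Consider widening the condition to `if (context->SecDir->Size >= size || context->SecDir->VirtualAddress > size - context->SecDir->Size)`. Separately, `size` is assigned from the signed `datasize`, so a negative value would turn into a very large bound; rejecting `datasize < 0` before the assignment would cover that. verify_buffer begins and ends outside this hunk.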
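Review bot: In the second hunk the added check gives `cert->Hdr.dwLength` an upper bound but no lower one, so a length smaller than the certificate header itself is still accepted. If code after this hunk (not visible here) subtracts the header size from it to get the signature length, the unsigned result would wrap to a huge value. Adding `|| cert->Hdr.dwLength < sizeof(cert->Hdr)` to the condition would close that. The new message also lacks the trailing `\n` that the other perror calls in these hunks carry.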