
python-pillow-5.4.1-1.3.mga7.src.rpm

diff -rupN --no-dereference Pillow-5.4.1/src/libImaging/FliDecode.c Pillow-5.4.1-new/src/libImaging/FliDecode.c
--- Pillow-5.4.1/src/libImaging/FliDecode.c	2020-02-13 14:44:21.491015777 +0100
+++ Pillow-5.4.1-new/src/libImaging/FliDecode.c	2020-02-13 14:44:21.544015384 +0100
@@ -40,8 +40,7 @@ ImagingFliDecode(Imaging im, ImagingCode
 	return 0;
 
     /* We don't decode anything unless we have a full chunk in the
-       input buffer (on the other hand, the Python part of the driver
-       makes sure this is always the case) */
+       input buffer */
 
     ptr = buf;
 
@@ -52,6 +51,10 @@ ImagingFliDecode(Imaging im, ImagingCode
     /* Make sure this is a frame chunk.  The Python driver takes
        case of other chunk types. */
 
+    if (bytes < 8) {
+        state->errcode = IMAGING_CODEC_OVERRUN;
+        return -1;
+    }
     if (I16(ptr+4) != 0xF1FA) {
 	state->errcode = IMAGING_CODEC_UNKNOWN;
 	return -1;
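Review bot: The new guard `if (bytes < 8)` uses a bare constant with no indication of which fields the 8 bytes cover; the only read visible in this hunk is `I16(ptr+4)`, which needs 6 bytes. A comment above the check, for example `/* frame chunk header: 4-byte size, 2-byte type, 2-byte sub-chunk count */`, would tie the number to the fields it protects (the count field is inferred, since it would be read after the hunk ends). ImagingFliDecode continues beyond this hunk, so this check alone says nothing about later reads or pointer advances past offset 8; those should each be compared with the remaining `bytes` before the patch is treated as closing the overrun. The added lines are also indented with spaces while the neighbouring `state->errcode` line uses a tab.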
diff -rupN --no-dereference Pillow-5.4.1/Tests/test_image.py Pillow-5.4.1-new/Tests/test_image.py
--- Pillow-5.4.1/Tests/test_image.py	2019-01-06 13:12:16.000000000 +0100
+++ Pillow-5.4.1-new/Tests/test_image.py	2020-02-13 14:44:21.544015384 +0100
@@ -561,6 +561,13 @@ class TestRegistry(PillowTestCase):
                                                       ('args',),
                                                       extra=('extra',))
 
+        with Image.open("Tests/images/fli_overrun2.bin") as im:
+            try:
+                im.seek(1)
+                self.assertFail()
+            except IOError as e:
+                self.assertEqual(str(e), "buffer overrun when reading image file")
+
 
 if __name__ == '__main__':
     unittest.main()
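Review bot: `self.assertFail()` is not a `unittest.TestCase` method, so unless `PillowTestCase` defines it, a `seek(1)` that does not raise would surface as an `AttributeError` rather than a clean test failure. The usual form is `with self.assertRaises(IOError) as cm:` / `im.seek(1)` followed by `self.assertEqual(str(cm.exception), "buffer overrun when reading image file")`. The new lines are also appended to the end of a `TestRegistry` test about encoder registration (that method starts outside the hunk); a regression test for the FLI decoder would be easier to find and would fail independently in its own test method. The fixture `Tests/images/fli_overrun2.bin` is not added by the patch as shown, so it has to be shipped separately for this test to run.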