diff -rupN --no-dereference Pillow-5.4.1/src/libImaging/RawDecode.c Pillow-5.4.1-new/src/libImaging/RawDecode.c
--- Pillow-5.4.1/src/libImaging/RawDecode.c	2019-01-06 13:12:16.000000000 +0100
+++ Pillow-5.4.1-new/src/libImaging/RawDecode.c	2020-02-13 14:44:21.335016936 +0100
@@ -33,8 +33,15 @@ ImagingRawDecode(Imaging im, ImagingCode
 
 	/* get size of image data and padding */
 	state->bytes = (state->xsize * state->bits + 7) / 8;
-	rawstate->skip = (rawstate->stride) ?
-	    rawstate->stride - state->bytes : 0;
+	if (rawstate->stride) {
+	    rawstate->skip = rawstate->stride - state->bytes;
+	    if (rawstate->skip < 0) {
+	        state->errcode = IMAGING_CODEC_CONFIG;
+	        return -1;
+	    }
+	} else {
+	    rawstate->skip = 0;
+	}
 
 	/* check image orientation */
 	if (state->ystep < 0) {
diff -rupN --no-dereference Pillow-5.4.1/src/PIL/PsdImagePlugin.py Pillow-5.4.1-new/src/PIL/PsdImagePlugin.py
--- Pillow-5.4.1/src/PIL/PsdImagePlugin.py	2019-01-06 13:12:16.000000000 +0100
+++ Pillow-5.4.1-new/src/PIL/PsdImagePlugin.py	2020-02-13 14:44:21.336016928 +0100
@@ -209,9 +209,11 @@ def _layerinfo(file):
         # skip over blend flags and extra information
         read(12)  # filler
         name = ""
-        size = i32(read(4))
+        size = i32(read(4))  # length of the extra data field
         combined = 0
         if size:
+            data_end = file.tell() + size
+
             length = i32(read(4))
             if length:
                 file.seek(length - 16, 1)
@@ -229,7 +231,7 @@ def _layerinfo(file):
                 name = read(length).decode('latin-1', 'replace')
             combined += length + 1
 
-        file.seek(size - combined, 1)
+            file.seek(data_end)
         layers.append((name, mode, (x0, y0, x1, y1)))
 
     # get tiles