diff --git a/filters/words/msword-odf/wv2/src/styles.cpp b/filters/words/msword-odf/wv2/src/styles.cpp
index 02a82a0..78ac31d 100644
--- a/filters/words/msword-odf/wv2/src/styles.cpp
+++ b/filters/words/msword-odf/wv2/src/styles.cpp
@@ -248,6 +248,11 @@ throw(InvalidFormatException)
 #ifdef WV2_DEBUG_STYLESHEET
         wvlog << "cbUPX: " << cbUPX << endl;
 #endif
+        // do not overflow the allocated buffer grupx
+        if (offset + cbUPX > grupxLen) {
+            wvlog << "====> Error: grupx would overflow!" << endl;
+            return false;
+        }
         for ( U16 j = 0; j < cbUPX; ++j ) {
             grupx[ offset + j ] = stream->readU8();  // read the whole UPX
 #ifdef WV2_DEBUG_STYLESHEET