diff --git a/ChangeLog b/ChangeLog
index 6f3cb5ae..61d84138 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,7 @@
 - make GIF parsing less strict
 - better feof() handling in GIF load
 - clip coding and interpretation on vips image read
+- check image bounds for GIF load
 
 24/5/19 started 8.8.1
 - improve realpath() use on older libc
diff --git a/libvips/foreign/gifload.c b/libvips/foreign/gifload.c
index a394da7a..eeb08b9c 100644
--- a/libvips/foreign/gifload.c
+++ b/libvips/foreign/gifload.c
@@ -1043,6 +1043,8 @@ vips_foreign_load_gif_load( VipsForeignLoad *load )
 static int
 vips_foreign_load_gif_open( VipsForeignLoadGif *gif )
 {
+	VipsObjectClass *class = VIPS_OBJECT_GET_CLASS( gif );
+
 #ifdef HAVE_GIFLIB_5
 {
 	int error;
@@ -1062,6 +1064,17 @@ vips_foreign_load_gif_open( VipsForeignLoadGif *gif )
 	gif->eof = FALSE;
 	gif->current_page = 0;
 
+	/* giflib does no checking of image dimensions, not even for 0.
+	 */
+	if( gif->file->SWidth <= 0 ||
+		gif->file->SWidth > VIPS_MAX_COORD ||
+		gif->file->SHeight <= 0 ||
+		gif->file->SHeight > VIPS_MAX_COORD ) {
+		vips_error( class->nickname,
+			"%s", _( "image size out of bounds" ) );
+		return( -1 );
+	}
+
 	/* Allocate a line buffer now that we have the GIF width.
 	 */
 	VIPS_FREE( gif->line )
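Review bot: The new check in the second gifload.c hunk validates only the logical screen (`SWidth`/`SHeight`); the per-frame `Left`/`Top`/`Width`/`Height` that giflib fills in from each image descriptor are not covered, so a frame larger than or offset past the screen still passes this function, and the line buffer sized from `SWidth` just below is only safe if the frame-rendering code clips against the screen. That rendering code is outside this hunk, so I cannot tell whether it already does; if not, an equivalent range check belongs where the image descriptor is read, with the same `vips_error( class->nickname, ... )` path. The comment should also say what the bound is for, so the next reader does not relax it: `/* giflib does no checking of image dimensions, not even for 0, so reject anything we could not safely allocate a line buffer or screen for. */`. vips_foreign_load_gif_open continues outside the hunk.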