diff --git a/ChangeLog b/ChangeLog
index 7c258a86..d942c7fb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,9 @@ master
 - support for N-colour ICC profiles
 - GIF load supports truncated frames [tlsa]
+9/11/22 started 8.13.4
+- missing include in mosaic_fuzzer [ServOKio]
+
 11/10/22 started 8.13.3
 - improve rules for 16-bit heifsave [johntrunc]
 - improve libspng pallette write [kleisauke]
diff --git a/fuzz/mosaic_fuzzer.cc b/fuzz/mosaic_fuzzer.cc
index e911d978..69f2d3ad 100644
--- a/fuzz/mosaic_fuzzer.cc
+++ b/fuzz/mosaic_fuzzer.cc
@@ -1,3 +1,4 @@
+#include
 #include
 struct mosaic_opt {
diff --git a/libvips/foreign/exif.c b/libvips/foreign/exif.c
index bda40425..a22526da 100644
--- a/libvips/foreign/exif.c
+++ b/libvips/foreign/exif.c
@@ -167,6 +167,10 @@ vips_exif_load_data_without_fix( const void *data, size_t length )
 /* exif_data_load_data() only allows uint for length. Limit it to less
 * than that: 2**20 should be enough for anyone.
 */
+ if( length < 4 ) {
+ vips_error( "exif", "%s", _( "exif too small" ) );
+ return( NULL );
+ }
 if( length > 1 << 20 ) {
 vips_error( "exif", "%s", _( "exif too large" ) );
 return( NULL );
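Review bot: In the exif.c hunk the new `length < 4` guard is inserted between the existing comment about the uint limit and the `length > 1 << 20` check that comment describes, so the comment now appears to explain the lower bound and the constant 4 has no explanation at all. I would move the new check above that comment and give it its own line, for example `/* Reject blocks shorter than the 4 bytes inspected below. */`, if that is indeed the reason for the value. The rest of vips_exif_load_data_without_fix() lies outside the hunk, so the 4 presumably matches a fixed-size prefix test later in the function. Please confirm it covers the widest unconditional read of `data` there, since a metadata block from an untrusted image that is shorter than that read would still be read out of bounds.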