diff --git a/libavcodec/xan.c b/libavcodec/xan.c
index cc0ecea5eb..56675dbbb1 100644
--- a/libavcodec/xan.c
+++ b/libavcodec/xan.c
@@ -607,6 +607,9 @@ static int xan_decode_frame(AVCodecContext *avctx, AVFrame *frame,
         return AVERROR_INVALIDDATA;
     }
 
+    if (buf_size < 9)
+        return AVERROR_INVALIDDATA;
+
     if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)
         return ret;