diff --git a/src/dec/vp8l.c b/src/dec/vp8l.c
index 7ba4bdcd..1a8431df 100644
--- a/src/dec/vp8l.c
+++ b/src/dec/vp8l.c
@@ -250,8 +250,8 @@ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
 codes[1] = 1;
 code_lengths[1] = num_symbols - 1;
 }
- ok = HuffmanTreeBuildExplicit(tree, code_lengths, codes,
- symbols, num_symbols);
+ ok = HuffmanTreeBuildExplicit(tree, code_lengths, codes, symbols,
+ alphabet_size, num_symbols);
 } else { // Decode Huffman-coded code lengths.
 int* code_lengths = NULL;
 int i;
diff --git a/src/utils/huffman.c b/src/utils/huffman.c
index 7b9e8fd7..f6228af4 100644
--- a/src/utils/huffman.c
+++ b/src/utils/huffman.c
@@ -163,6 +163,11 @@ int HuffmanTreeBuildImplicit(HuffmanTree* const tree,
 // Build tree.
 if (num_symbols == 1) { // Trivial case.
+ const int max_symbol = code_lengths_size;
+ if (root_symbol < 0 || root_symbol >= max_symbol) {
+ HuffmanTreeRelease(tree);
+ return 0;
+ }
 return TreeAddSymbol(tree, root_symbol, 0, 0);
 } else { // Normal case.
 int ok = 0;
@@ -195,7 +200,7 @@ int HuffmanTreeBuildImplicit(HuffmanTree* const tree,
 int HuffmanTreeBuildExplicit(HuffmanTree* const tree,
 const int* const code_lengths,
 const int* const codes,
- const int* const symbols,
+ const int* const symbols, int max_symbol,
 int num_symbols) {
 int ok = 0;
 int i;
@@ -211,6 +216,9 @@ int HuffmanTreeBuildExplicit(HuffmanTree* const tree,
 // Add symbols one-by-one.
 for (i = 0; i < num_symbols; ++i) {
 if (codes[i] != NON_EXISTENT_SYMBOL) {
+ if (symbols[i] < 0 || symbols[i] >= max_symbol) {
+ goto End;
+ }
 if (!TreeAddSymbol(tree, symbols[i], codes[i], code_lengths[i])) {
 goto End;
 }
diff --git a/src/utils/huffman.h b/src/utils/huffman.h
index dc3edc81..7d6eef42 100644
--- a/src/utils/huffman.h
+++ b/src/utils/huffman.h
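Review bot: The range guards added in src/utils/huffman.c, on `root_symbol` in the single-symbol branch of HuffmanTreeBuildImplicit (`@@ -163,6 +163,11 @@`) and on `symbols[i]` in the add loop of HuffmanTreeBuildExplicit (`@@ -211,6 +216,9 @@`), have no comment stating the invariant they enforce; a line such as `// Symbols must lie in [0, max_symbol); reject anything else.` above each check would record it. In the Implicit branch the local `max_symbol` only renames `code_lengths_size`, so the test could read `if (root_symbol < 0 || root_symbol >= code_lengths_size) {` and drop the extra declaration. The two failure paths also differ: the Implicit guard calls `HuffmanTreeRelease(tree)` itself, while the Explicit guard uses `goto End`, whose cleanup is outside the hunk, so it is worth confirming that both leave the tree released. Both function bodies extend beyond these hunks.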
@@ -56,12 +56,12 @@ int HuffmanTreeBuildImplicit(HuffmanTree* const tree,
 int code_lengths_size);
 // Build a Huffman tree with explicitly given lists of code lengths, codes
-// and symbols.
-// Returns false in case of error (invalid tree or memory error).
+// and symbols. Verifies that all symbols added are smaller than max_symbol.
+// Returns false in case of an invalid symbol, invalid tree or memory error.
 int HuffmanTreeBuildExplicit(HuffmanTree* const tree,
 const int* const code_lengths,
 const int* const codes,
- const int* const symbols,
+ const int* const symbols, int max_symbol,
 int num_symbols);
 // Utility: converts Huffman code lengths to corresponding Huffman codes.
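Review bot: The updated comment on HuffmanTreeBuildExplicit says symbols must be "smaller than max_symbol", but the check in src/utils/huffman.c also rejects negative symbols, and the name `max_symbol` reads as an inclusive maximum although the comparison treats it as an exclusive bound. Wording such as `// and symbols. Verifies that every symbol added lies in [0, max_symbol).` would state the contract exactly; the same naming point applies to the definition's signature in the `@@ -195,7 +200,7 @@` hunk. HuffmanTreeBuildImplicit can now also fail on an out-of-range root symbol, and its header comment starts outside this hunk, so it should be checked for a mention of that case.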