diff --git a/CHANGES.md b/CHANGES.md
index 1c0c061..b399fdf 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -14,7 +14,7 @@ v1.5.0 - YYYY-MM-DD
- Now support opening damaged PDF files (Issue #45)
- Updated documentation (Issue #95)
- Updated the pdf2txt example to support font encodings.
-- Fixed a potential heap overflow in the TrueType font code.
+- Fixed potential heap/integer overflow issues in the TrueType cmap code.
v1.4.1 - 2025-01-24
diff --git a/ttf.c b/ttf.c
index 896e695..8cabc7e 100644
--- a/ttf.c
+++ b/ttf.c
@@ -1423,7 +1423,7 @@ read_cmap(ttf_t *font) // I - Font
group->startGlyphID = read_ulong(font);
TTF_DEBUG("read_cmap: [%u] startCharCode=%u, endCharCode=%u, startGlyphID=%u\n", gidx, group->startCharCode, group->endCharCode, group->startGlyphID);
- if (group->startCharCode > group->endCharCode)
+ if (group->startCharCode > group->endCharCode || group->startCharCode >= TTF_FONT_MAX_CHAR || group->endCharCode >= TTF_FONT_MAX_CHAR)
{
errorf(font, "Bad cmap table segment %u to %u.", group->startCharCode, group->endCharCode);
free(groups);
@@ -1514,7 +1514,7 @@ read_cmap(ttf_t *font) // I - Font
group->glyphID = read_ulong(font);
TTF_DEBUG("read_cmap: [%u] startCharCode=%u, endCharCode=%u, glyphID=%u\n", gidx, group->startCharCode, group->endCharCode, group->glyphID);
- if (group->startCharCode > group->endCharCode)
+ if (group->startCharCode > group->endCharCode || group->startCharCode >= TTF_FONT_MAX_CHAR || group->endCharCode >= TTF_FONT_MAX_CHAR)
{
errorf(font, "Bad cmap table segment %u to %u.", group->startCharCode, group->endCharCode);
free(groups);
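Review bot: The new range check in the first ttf.c hunk bounds startCharCode and endCharCode against TTF_FONT_MAX_CHAR but leaves startGlyphID unchecked, and the second hunk likewise accepts any glyphID; if those values are later used as glyph-table indices or added to (endCharCode - startCharCode) without a separate glyph-count bound (not visible in the hunk), a crafted font still gets an out-of-range or wrapped glyph number past this check. I would extend the condition with something like `|| group->startGlyphID >= font->numGlyphs` (using whichever field holds the maxp glyph count) and do the same for glyphID in the second hunk. Separately, the `group->startCharCode >= TTF_FONT_MAX_CHAR` term is implied by `startCharCode <= endCharCode && endCharCode < TTF_FONT_MAX_CHAR`, so it can be dropped, and since the errorf message now also fires for well-ordered but too-large segments a comment such as `// Reject reversed or out-of-range segments; codes must stay below TTF_FONT_MAX_CHAR` above the if would make the intent clear. read_cmap begins and ends outside both hunks.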