Index: libarchive-2.8.5/libarchive/archive_read_support_format_iso9660.c
===================================================================
--- libarchive-2.8.5.orig/libarchive/archive_read_support_format_iso9660.c
+++ libarchive-2.8.5/libarchive/archive_read_support_format_iso9660.c
@@ -2161,6 +2161,12 @@ read_CE(struct archive_read *a, struct i
 }
 do {
 file = heap->reqs[0].file;
+ if (file->ce_offset + file->ce_size > step) {
+ archive_set_error(&a->archive,
+ ARCHIVE_ERRNO_FILE_FORMAT,
+ "Malformed CE information");
+ return (ARCHIVE_FATAL);
+ }
 p = b + file->ce_offset;
 end = p + file->ce_size;
 next_CE(heap);
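Review bot: The added guard `file->ce_offset + file->ce_size > step` does the addition before the comparison, so it is only sound if the sum cannot wrap and neither field can be negative. The field types are declared outside this hunk; if `ce_size` is signed or either value comes unchecked from the image, a malformed entry could still pass the test and reach `p = b + file->ce_offset`. A form that avoids the addition is safer: `if (file->ce_offset > step || file->ce_size > step - file->ce_offset) {`. A short comment such as `/* CE area must lie entirely within the step bytes read at b. */` would also make the invariant explicit. read_CE starts and ends outside the hunk, so the relation between `step` and the buffer at `b` is inferred here and should be confirmed against the read-ahead call.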