:: commit 32f2eaa972dc216b4e47f01a5994a871e8b9d0b1

diff --git a/common/fs/iso9660.s2.c b/common/fs/iso9660.s2.c
index c1b96bfb..48ded9f4 100644
--- a/common/fs/iso9660.s2.c
+++ b/common/fs/iso9660.s2.c
@@ -284,6 +284,11 @@ static struct iso9660_directory_entry *iso9660_next_entry(void *current, void *b
     if (entry->length < sizeof(struct iso9660_directory_entry))
         return NULL;
 
+    // Validate that the entire entry (as declared by its length field) is
+    // within the buffer, so callers can safely read all entry->length bytes.
+    if ((size_t)entry->length > (size_t)((uint8_t *)buffer_end - (uint8_t *)entry))
+        return NULL;
+
     return entry;
 }