diff --git a/mp4/mime.go b/mp4/mime.go
index 830eb15..c01499c 100644
--- a/mp4/mime.go
+++ b/mp4/mime.go
@@ -1,6 +1,7 @@
 package mp4
 import (
+ "fmt"
 "io"
 "github.com/Eyevinn/mp4ff/bits"
@@ -31,6 +32,9 @@ func DecodeMimeSR(hdr BoxHeader, startPos uint64, sr bits.SliceReader) (Box, err
 Version: byte(versionAndFlags >> 24),
 Flags: versionAndFlags & flagsMask,
 }
+ if hdr.payloadLen() < 5 {
+ return nil, fmt.Errorf("mime: box payload size %d less than 5", hdr.payloadLen())
+ }
 rest := sr.ReadBytes(hdr.payloadLen() - 4)
 if rest[len(rest)-1] == 0 { // zero-termination
 b.ContentType = string(rest[:len(rest)-1])
diff --git a/mp4/testdata/fuzz/FuzzDecodeBox/77cf6e30648805ea b/mp4/testdata/fuzz/FuzzDecodeBox/77cf6e30648805ea
new file mode 100644
index 0000000..5f053b3
--- /dev/null
+++ b/mp4/testdata/fuzz/FuzzDecodeBox/77cf6e30648805ea
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("\x00\x00\x00\fmime0000")
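Review bot: The new guard in DecodeMimeSR checks only the size declared in the box header, while `rest[len(rest)-1]` two lines later still indexes whatever `sr.ReadBytes` actually returned. If the slice reader hands back a short or empty slice when the declared payload runs past the available data (its behaviour is not visible in this hunk), that index can still panic on a truncated file, which is a crash risk for any service parsing untrusted MP4 input. Checking the result before indexing, for example `if len(rest) == 0 { return nil, fmt.Errorf("mime: short payload") }`, would close that path regardless of how callers bound the reader. The literal 5 would also read better with a comment such as `// 4 bytes version+flags plus at least 1 byte of content type`. The function body begins and continues outside the hunk.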