diff --git a/src/MQTTPacket.c b/src/MQTTPacket.c
index f39065dbe09ca23abb4173e5d25b254960de916a..296bf31b7d6ae1f107a0a3161de4b114c2fa5695 100644
--- a/src/MQTTPacket.c
+++ b/src/MQTTPacket.c
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2009, 2020 IBM Corp.
+ * Copyright (c) 2009, 2021 IBM Corp. and Ian Craggs
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v2.0
@@ -569,7 +569,15 @@ void* MQTTPacket_publish(int MQTTVersion, unsigned char aHeader, char* data, siz
 goto exit;
 }
 if (pack->header.bits.qos > 0) /* Msgid only exists for QoS 1 or 2 */
+ {
+ if (enddata - curdata < 2) /* Is there enough data for the msgid? */
+ {
+ free(pack);
+ pack = NULL;
+ goto exit;
+ }
 pack->msgId = readInt(&curdata);
+ }
 else
 pack->msgId = 0;
 if (MQTTVersion >= MQTTVERSION_5)
@@ -792,7 +800,15 @@ void* MQTTPacket_ack(int MQTTVersion, unsigned char aHeader, char* data, size_t
 pack->MQTTVersion = MQTTVersion;
 pack->header.byte = aHeader;
 if (pack->header.bits.type != DISCONNECT)
+ {
+ if (enddata - curdata < 2) /* Is there enough data for the msgid? */
+ {
+ free(pack);
+ pack = NULL;
+ goto exit;
+ }
 pack->msgId = readInt(&curdata);
+ }
 if (MQTTVersion >= MQTTVERSION_5)
 {
 MQTTProperties props = MQTTProperties_initializer;
diff --git a/src/MQTTPacketOut.c b/src/MQTTPacketOut.c
index b71622dad6bb91b37d9e01b27a378e3d4e4a8722..d40971ce1d08fabd0360650a18ca731177830a75 100644
--- a/src/MQTTPacketOut.c
+++ b/src/MQTTPacketOut.c
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2009, 2020 IBM Corp.
+ * Copyright (c) 2009, 2021 IBM Corp. and Ian Craggs
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v2.0
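Review bot: The new early-exit in the MQTTPacket_publish hunk frees `pack` but nothing `pack` may already own; if `pack->topic` was allocated by readUTFlen earlier in the function (that code is outside the hunk) it is leaked on this path, and since the path is reached on a truncated packet from the network, a leak here is a resource-exhaustion concern rather than a cosmetic one. If that is the case, `free(pack->topic);` should precede `free(pack);` in the added block, as presumably happens on the function's existing error paths — worth confirming against the start of MQTTPacket_publish. The same six-line length guard is pasted again in the MQTTPacket_ack hunk below and in the MQTTPacket_suback and MQTTPacket_unsuback hunks of MQTTPacketOut.c; a small static helper that checks `enddata - curdata` against the needed size would keep the check, its comment and the cleanup in one place. Both MQTTPacket_publish and MQTTPacket_ack begin and end outside their hunks.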
@@ -150,17 +150,15 @@ void* MQTTPacket_connack(int MQTTVersion, unsigned char aHeader, char* data, siz
 goto exit;
 pack->MQTTVersion = MQTTVersion;
 pack->header.byte = aHeader;
- pack->flags.all = readChar(&curdata); /* connect flags */
- pack->rc = readChar(&curdata); /* reason code */
- if (MQTTVersion < MQTTVERSION_5)
+ if (datalen < 2) /* enough data for connect flags and reason code? */
 {
- if (datalen != 2)
- {
- free(pack);
- pack = NULL;
- }
+ free(pack);
+ pack = NULL;
+ goto exit;
 }
- else if (datalen > 2)
+ pack->flags.all = readChar(&curdata); /* connect flags */
+ pack->rc = readChar(&curdata); /* reason code */
+ if (MQTTVersion >= MQTTVERSION_5 && datalen > 2)
 {
 MQTTProperties props = MQTTProperties_initializer;
 pack->properties = props;
@@ -300,6 +298,12 @@ void* MQTTPacket_suback(int MQTTVersion, unsigned char aHeader, char* data, size
 goto exit;
 pack->MQTTVersion = MQTTVersion;
 pack->header.byte = aHeader;
+ if (enddata - curdata < 2) /* Is there enough data to read the msgid? */
+ {
+ free(pack);
+ pack = NULL;
+ goto exit;
+ }
 pack->msgId = readInt(&curdata);
 if (MQTTVersion >= MQTTVERSION_5)
 {
@@ -416,6 +420,12 @@ void* MQTTPacket_unsuback(int MQTTVersion, unsigned char aHeader, char* data, si
 goto exit;
 pack->MQTTVersion = MQTTVersion;
 pack->header.byte = aHeader;
+ if (enddata - curdata < 2) /* Is there enough data? */
+ {
+ free(pack);
+ pack = NULL;
+ goto exit;
+ }
 pack->msgId = readInt(&curdata);
 pack->reasonCodes = NULL;
 if (MQTTVersion >= MQTTVERSION_5)
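Review bot: The rewritten length check in the MQTTPacket_connack hunk drops the pre-v5 requirement that `datalen` be exactly 2: the removed code rejected a CONNACK with `datalen != 2` when MQTTVersion < MQTTVERSION_5, whereas the new code rejects only `datalen < 2` and silently accepts trailing bytes on a v3 CONNACK. If the relaxation is intentional it deserves a comment on the new `if`; otherwise `if (datalen < 2 || (MQTTVersion < MQTTVERSION_5 && datalen != 2))` restores the old strictness while keeping the new `goto exit`. The check also compares `datalen` where the suback and unsuback hunks below compare `enddata - curdata`; the two are equivalent only if `curdata` still equals `data` at this point, which the opening lines of MQTTPacket_connack (outside the hunk) would confirm. MQTTPacket_connack begins and ends outside the hunk.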