diff --git a/src/modules/loaders/loader_jpeg.c b/src/modules/loaders/loader_jpeg.c
index 958605f..5944abb 100644
--- a/src/modules/loaders/loader_jpeg.c
+++ b/src/modules/loaders/loader_jpeg.c
@@ -95,7 +95,8 @@ load(ImlibImage * im, ImlibProgressFunction progress,
 im->w = w = cinfo.output_width;
 im->h = h = cinfo.output_height;
- if (cinfo.rec_outbuf_height > 16)
+ if ((cinfo.rec_outbuf_height > 16) ||
+ (w < 1) || (h < 1) || (w > 8192) || (h > 8192))
 {
 im->w = im->h = 0;
 jpeg_destroy_decompress(&cinfo);
diff --git a/src/modules/loaders/loader_tga.c b/src/modules/loaders/loader_tga.c
index 93b84aa..8230d53 100644
--- a/src/modules/loaders/loader_tga.c
+++ b/src/modules/loaders/loader_tga.c
@@ -350,7 +350,9 @@ load(ImlibImage * im, ImlibProgressFunction progress,
 else dataptr = im->data + (y * im->w);
- for (x = 0; x < im->w; x++) /* for each pixel in the row */
+ for (x = 0;
+ (x < im->w) && (bufptr + bpp / 8 <= bufend);
+ x++) /* for each pixel in the row */
 {
 switch (bpp)
 {
@@ -406,7 +408,7 @@ load(ImlibImage * im, ImlibProgressFunction progress,
 /* loop until we've got all the pixels or run out of input */
 while ((dataptr < final_pixel) &&
- ((bufptr + 1 + (bpp / 8)) < bufend))
+ ((bufptr + 1 + (bpp / 8)) <= bufend))
 {
 int count;
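Review bot: The 8192 ceiling in the new dimension check in loader_jpeg.c is an unexplained literal written twice inline, so nothing ties it to whatever limit the pixel-buffer allocation or the other loaders rely on. A named constant shared across loaders plus a comment above the `if`, such as `/* reject empty or oversized images before w * h is used to size the pixel buffer */`, would make the intent reviewable. The check runs after `im->w` and `im->h` have been assigned and depends on the failure branch resetting them. That branch continues past the end of the hunk, so confirm it also releases everything opened earlier in load().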
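Review bot: In the raw-pixel `for` loop of loader_tga.c, the new guard `bufptr + bpp / 8 <= bufend` forms a pointer that can lie more than one element past the buffer when the input is truncated. That is undefined behaviour and can wrap, so the comparison may not hold as intended. Comparing remaining length is safer, e.g. `(x < im->w) && ((size_t)(bufend - bufptr) >= (size_t)(bpp / 8))`, assuming both are byte pointers into the same buffer. The same form appears in the RLE `while` guard, `(bufptr + 1 + (bpp / 8)) <= bufend`. The loop now stops silently on short input while the enclosing row loop, which lies outside the hunk, appears to carry on. Unless `im->data` was zero-filled at allocation (not visible here), the unwritten pixels would be returned as image data, so a truncated file should be treated as a load failure or the remainder cleared.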
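Review bot: The RLE `while` guard in loader_tga.c only proves that one packet header byte plus one pixel (`1 + bpp / 8` bytes) remain, yet a raw packet consumes `count` pixels from the input and both packet types write `count` pixels to the output. The loop body lies outside the hunk, so whether it bounds `count` cannot be seen here. If it does not, each inner copy needs its own limits, along the lines of `(dataptr < final_pixel) && ((size_t)(bufend - bufptr) >= (size_t)(bpp / 8))` per pixel. A short comment on the guard stating that it covers the header and the first pixel only would stop a later reader from assuming it covers the whole packet.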