diff --git a/libavformat/rtpdec_mpeg4.c b/libavformat/rtpdec_mpeg4.c
index d5fea4f59c..bc50da2a8b 100644
--- a/libavformat/rtpdec_mpeg4.c
+++ b/libavformat/rtpdec_mpeg4.c
@@ -290,11 +290,22 @@ static int parse_fmtp(AVFormatContext *s,
 for (i = 0; attr_names[i].str; ++i) {
 if (!av_strcasecmp(attr, attr_names[i].str)) {
 if (attr_names[i].type == ATTR_NAME_TYPE_INT) {
+ int val = atoi(value);
+ if (val > 32) {
+ av_log(s, AV_LOG_ERROR,
+ "The %s field size is invalid (%d).",
+ attr, val);
+ return AVERROR_INVALIDDATA;
+ }
 *(int *)((char *)data+
- attr_names[i].offset) = atoi(value);
- } else if (attr_names[i].type == ATTR_NAME_TYPE_STR)
+ attr_names[i].offset) = val;
+ } else if (attr_names[i].type == ATTR_NAME_TYPE_STR) {
+ char *val = av_strdup(value);
+ if (!val)
+ return AVERROR(ENOMEM);
 *(char **)((char *)data+
- attr_names[i].offset) = av_strdup(value);
+ attr_names[i].offset) = val;
+ }
 }
 }
 }
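Review bot: The new bound in the ATTR_NAME_TYPE_INT branch rejects only `val > 32`, so a negative value parsed from the fmtp attribute is still stored into the field at `attr_names[i].offset`; the guard should be `if (val < 0 || val > 32) {`. `atoi()` also cannot report non-numeric or out-of-range input (its behaviour on overflow is undefined), so parsing this peer-supplied string with `strtol()` and checking the end pointer before the range test would make the validation dependable. The check applies to every INT attribute in `attr_names`, which is defined outside the hunk, so it is worth confirming that each of them is a bit width for which 32 is the right limit. parse_fmtp begins and ends outside the hunk.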