diff --git a/ChangeLog b/ChangeLog
index 520564a44..b1cbd69c7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2016-03-30  Werner Lemberg  <wl@gnu.org>
+
+	* src/pfr/pfrload.c (pfr_log_font_count): Better font size estimate.
+
 2016-03-30  Werner Lemberg  <wl@gnu.org>
 
 	* src/pfr/pfrload.c (pfr_aux_name_load): Fix memory leak (#47567).
diff --git a/src/pfr/pfrload.c b/src/pfr/pfrload.c
index 85920457b..989dd05ce 100644
--- a/src/pfr/pfrload.c
+++ b/src/pfr/pfrload.c
@@ -299,9 +299,15 @@
          FT_READ_USHORT( count )          )
       goto Exit;
 
-    /* check maximum value and a rough minimum size */
+    /* check maximum value and a rough minimum size:     */
+    /* - no more than 13106 log fonts                    */
+    /* - we need 5 bytes for a log header record         */
+    /* - we need at least 18 bytes for a log font record */
+    /* - the overall size is at least 95 bytes plus the  */
+    /*   log header and log font records                 */
     if ( count > ( ( 1 << 16 ) - 2 ) / 5                ||
-         2 + count * 5 >= stream->size - section_offset )
+         2 + count * 5 >= stream->size - section_offset ||
+         95 + count * ( 5 + 18 ) >= stream->size        )
     {
       FT_ERROR(( "pfr_log_font_count:"
                  " invalid number of logical fonts\n" ));