diff --git a/ChangeLog b/ChangeLog
index 0bcdb95d8..f193f6f55 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2018-07-05 Werner Lemberg
+
+ Adjust table size comparisons (#54242).
+
+ * src/sfnt/ttcpal.c (tt_face_load_cpal): Implement it.
+
 2018-07-05 Werner Lemberg
 
 Fix more 32bit issues (#54208)
diff --git a/src/sfnt/ttcpal.c b/src/sfnt/ttcpal.c
index f01d88c63..b4b60e22a 100644
--- a/src/sfnt/ttcpal.c
+++ b/src/sfnt/ttcpal.c
@@ -112,6 +112,10 @@
 cpal->num_colors = FT_NEXT_USHORT( p );
 colors_offset = FT_NEXT_ULONG( p );
 
+ if ( CPAL_V0_HEADER_BASE_SIZE +
+ face->palette_data.num_palettes * 2U > table_size )
+ goto InvalidTable;
+
 if ( colors_offset >= table_size )
 goto InvalidTable;
 if ( cpal->num_colors * COLOR_SIZE > table_size - colors_offset )
@@ -128,7 +132,9 @@
 FT_UShort* q;
 
 
- if ( face->palette_data.num_palettes * 2 + 3U * 4 > table_size )
+ if ( CPAL_V0_HEADER_BASE_SIZE +
+ face->palette_data.num_palettes * 2U +
+ 3U * 4 > table_size )
 goto InvalidTable;
 
 p += face->palette_data.num_palettes * 2;
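Review bot: In the check added at `@@ -112,6 +112,10 @@` of src/sfnt/ttcpal.c, the left-hand side `CPAL_V0_HEADER_BASE_SIZE + face->palette_data.num_palettes * 2U` is evaluated in `unsigned int`, while `table_size` is presumably an `FT_ULong` (its declaration is outside the hunk). If `num_palettes` is a 16-bit count, as the neighbouring `FT_NEXT_USHORT` read suggests, the product cannot wrap where `unsigned int` is 32 bits, but it can on a target with a 16-bit `int`, and a wrapped sum would let a table too short for the index array pass the bound check. Doing the arithmetic in the wider type removes that dependence, e.g. `(FT_ULong)face->palette_data.num_palettes * 2`. The same expression is repeated in the `@@ -128,7 +132,9 @@` hunk, so computing it once into a local and using it in both comparisons would keep the two checks from drifting apart; the function's declarations sit outside the hunk.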
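Review bot: The `3U * 4` term in the rewritten comparison at `@@ -128,7 +132,9 @@` of src/sfnt/ttcpal.c is an unexplained constant, yet this check guards the reads that follow `p += face->palette_data.num_palettes * 2;`. A one-line comment above the `if` would tie it to the data it covers, for example `/* three 32-bit offsets follow the palette index array */` if that is what the branch reads next, or the value could get a name next to `CPAL_V0_HEADER_BASE_SIZE`. The enclosing block starts and continues outside the hunk, so it is not visible here whether the offsets read afterwards are themselves compared against `table_size` before they are used; that is worth confirming alongside this change.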