diff --git a/Tests/LibCompress/TestDeflate.cpp b/Tests/LibCompress/TestDeflate.cpp
index f081fb1cb8b..da53aefef29 100644
--- a/Tests/LibCompress/TestDeflate.cpp
+++ b/Tests/LibCompress/TestDeflate.cpp
@@ -55,6 +55,13 @@ TEST_CASE(canonical_code_complex)
         EXPECT_EQ(MUST(huffman.read_symbol(bit_stream)), output[idx]);
 }
 
+TEST_CASE(invalid_canonical_code)
+{
+    Array<u8, 257> code;
+    code.fill(0x08);
+    EXPECT(Compress::CanonicalCode::from_bytes(code).is_error());
+}
+
 TEST_CASE(deflate_decompress_compressed_block)
 {
     Array<u8, 28> const compressed {
diff --git a/Userland/Libraries/LibCompress/Deflate.cpp b/Userland/Libraries/LibCompress/Deflate.cpp
index 66605a79ef3..18216fb124c 100644
--- a/Userland/Libraries/LibCompress/Deflate.cpp
+++ b/Userland/Libraries/LibCompress/Deflate.cpp
@@ -100,6 +100,9 @@ ErrorOr<CanonicalCode> CanonicalCode::from_bytes(ReadonlyBytes bytes)
                 return Error::from_string_literal("Failed to decode code lengths");
 
             if (code_length <= CanonicalCode::max_allowed_prefixed_code_length) {
+                if (number_of_prefix_codes >= prefix_codes.size())
+                    return Error::from_string_literal("Invalid canonical Huffman code");
+
                 auto& prefix_code = prefix_codes[number_of_prefix_codes++];
                 prefix_code.symbol_code = next_code;
                 prefix_code.symbol_value = symbol;