diff --git a/ChangeLog b/ChangeLog
index 735e44300..329e563ec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,12 +1,16 @@
 mbed TLS ChangeLog (Sorted per branch, date)
-
 = mbed TLS 1.3.14 reladsed 2015-10-??
 Security
 * Fix stack buffer overflow in pkcs12 decryption (used by mbedtls_pk_parse_key(file)() when the password is > 129 bytes. Found by Guido Vranken. Not triggerable remotely.
+ * Fix potential buffer overflow in mbedtls_mpi_read_string().
+ Found by Guido Vranken. Not exploitable remotely in the context of TLS,
+ but might be in other uses. On 32 bit machines, requires reading a string
+ of close to or larger than 1GB to exploit; on 64 bit machines, would require
+ reading a string of close to or larger than 2^62 bytes.
 = mbed TLS 1.3.13 reladsed 2015-09-17
diff --git a/library/bignum.c b/library/bignum.c
index f479bc9ed..2b1155bb9 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -39,6 +39,7 @@
 #include "polarssl/bn_mul.h"
 #include
+#include
 #if defined(POLARSSL_PLATFORM_C)
 #include "polarssl/platform.h"
@@ -61,9 +62,10 @@ static void polarssl_zeroize( void *v, size_t n ) {
 /*
 * Convert between bits/chars and number of limbs
+ * Divide first in order to avoid potential overflows
 */
-#define BITS_TO_LIMBS(i) (((i) + biL - 1) / biL)
-#define CHARS_TO_LIMBS(i) (((i) + ciL - 1) / ciL)
+#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) )
+#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
 /*
 * Initialize one MPI
@@ -414,6 +416,9 @@ int mpi_read_string( mpi *X, int radix, const char *s )
 if( radix == 16 )
 {
+ if( slen > SIZE_T_MAX >> 2 )
+ return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
+
 n = BITS_TO_LIMBS( slen << 2 );
 MPI_CHK( mpi_grow( X, n ) );
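Review bot: The rewritten `BITS_TO_LIMBS` and `CHARS_TO_LIMBS` in the second hunk of library/bignum.c expand their argument twice, where the old rounding form expanded it once, so an argument with side effects would now be evaluated twice. No such call site is visible in this diff, but the comment above the macros should record the constraint, for example `* The argument is evaluated twice: pass side-effect-free expressions only`. Dividing first only removes the wrap in the `+ biL - 1` rounding step. A value that has already wrapped before it reaches the macro, such as a shifted length, still needs a range check at the call site, as the `mpi_read_string()` hunk adds for the hex path.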
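Review bot: `SIZE_T_MAX` in the guard added to `mpi_read_string()` (last hunk of library/bignum.c) is not a macro defined by standard C, and no definition of it is visible in this diff. Whether the include added in the first bignum.c hunk supplies it depends on the platform's libc, and the header name is not legible on this page. Writing the bound as `if( slen > ( (size_t) -1 ) >> 2 )`, or behind a file-local macro defined that way, keeps the check and avoids a build failure where the name is missing. The comparison itself matches the `slen << 2` that follows, so the shift can no longer wrap. The function body starts and ends outside the hunk, so the non-hex branch cannot be checked from here.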