diff --git a/NEWS b/NEWS
index cf3e788fc..416af1159 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,6 @@
 ver 0.19.14 (not yet released)
+* decoder
+ - opus: limit tag size to 64 kB
 * fix build failures on non-glibc builds due to constexpr Mutex
 ver 0.19.13 (2016/02/23)
diff --git a/src/decoder/plugins/OpusReader.hxx b/src/decoder/plugins/OpusReader.hxx
index c5b8e9107..219f3f42a 100644
--- a/src/decoder/plugins/OpusReader.hxx
+++ b/src/decoder/plugins/OpusReader.hxx
@@ -85,7 +85,7 @@ public:
 char *ReadString() {
 uint32_t length;
- if (!ReadWord(length))
+ if (!ReadWord(length) || length >= 65536)
 return nullptr;
 const char *src = (const char *)Read(length);
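Review bot: The new bound in `ReadString()` is a bare `65536`, with no comment saying that `length` is read straight from the untrusted stream and that the cap limits whatever is sized from it further down. A named constant would make that explicit, e.g. `static constexpr uint32_t MAX_STRING_LENGTH = 65535;` with `if (!ReadWord(length) || length > MAX_STRING_LENGTH)`. An oversized string also now returns `nullptr` exactly like a truncated packet, after `ReadWord()` has already consumed the length field, so callers cannot tell "too large, skip it" from "end of data". If the caller stops at the first `nullptr` (not visible here), one large comment such as embedded cover art would discard every tag after it. The body of `ReadString()` continues past the hunk, so how `length` is used after `Read(length)` is not shown.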