diff --git a/ChangeLog b/ChangeLog
index dc25136909..71f846b568 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2008-03-08  Sebastian Dröge  <slomo@circular-chaos.org>
+
+	Patch by: Olivier Crete <tester at tester dot ca>
+
+	* gst/rtp/gstrtph263pdepay.c: (gst_rtp_h263p_depay_process):
+	Check that a buffer is large enough before reading from it.
+	Fixes bug #521102.
+	
 2008-03-07  Wim Taymans  <wim.taymans@collabora.co.uk>
 
 	* gst/udp/gstudpsrc.c: (gst_udpsrc_start):
diff --git a/common b/common
index e02bd43fe6..170f8e91ad 160000
--- a/common
+++ b/common
@@ -1 +1 @@
-Subproject commit e02bd43fe6b9e45536eccbf5b7a5f9eae62030fd
+Subproject commit 170f8e91adc7157f6e708ffa58ca22d10e4e45da
diff --git a/gst/rtp/gstrtph263pdepay.c b/gst/rtp/gstrtph263pdepay.c
index 082d26f640..7d77573240 100644
--- a/gst/rtp/gstrtph263pdepay.c
+++ b/gst/rtp/gstrtph263pdepay.c
@@ -265,6 +265,9 @@ gst_rtp_h263p_depay_process (GstBaseRTPDepayload * depayload, GstBuffer * buf)
 
     header_len = 2;
 
+    if (payload_len < header_len)
+      goto bad_packet;
+
     M = gst_rtp_buffer_get_marker (buf);
 
     /*  0                   1
@@ -285,6 +288,9 @@ gst_rtp_h263p_depay_process (GstBaseRTPDepayload * depayload, GstBuffer * buf)
       header_len += PLEN;
     }
 
+    if ((!P && payload_len < header_len) || (P && payload_len < header_len - 2))
+      goto bad_packet;
+
     if (P) {
       rtph263pdepay->wait_start = FALSE;
       header_len -= 2;