diff --git a/app/src/main/java/eu/faircode/email/Helper.java b/app/src/main/java/eu/faircode/email/Helper.java
index 397a036212..87a244fa0d 100644
--- a/app/src/main/java/eu/faircode/email/Helper.java
+++ b/app/src/main/java/eu/faircode/email/Helper.java
@@ -153,6 +153,7 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
+import java.io.FilterInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -3849,4 +3850,37 @@ public class Helper {
         ActivityManager am = Helper.getSystemService(context, ActivityManager.class);
         am.clearApplicationUserData();
     }
+
+    static class MaximumLengthStream extends FilterInputStream {
+        private int max;
+        private int count = 0;
+
+        protected MaximumLengthStream(InputStream in, int max) {
+            super(in);
+            this.max = max;
+        }
+
+        @Override
+        public int read() throws IOException {
+            int b = super.read();
+            if (b >= 0 && ++count > max)
+                throw new IOException("Stream larger than " + max + " bytes");
+            return b;
+        }
+
+        @Override
+        public int read(byte[] b) throws IOException {
+            for (int i = 0; i < b.length; i++) {
+                b[i] = (byte) read();
+                if (b[i] < 0)
+                    return i;
+            }
+            return b.length;
+        }
+
+        @Override
+        public int read(byte[] b, int off, int len) throws IOException {
+            throw new UnsupportedOperationException();
+        }
+    }
 }
diff --git a/app/src/main/java/eu/faircode/email/ImageHelper.java b/app/src/main/java/eu/faircode/email/ImageHelper.java
index 48449cb084..2e1cd9e8fb 100644
--- a/app/src/main/java/eu/faircode/email/ImageHelper.java
+++ b/app/src/main/java/eu/faircode/email/ImageHelper.java
@@ -86,6 +86,7 @@ class ImageHelper {
     private static final int MAX_PROBE = 128 * 1024; // bytes
     private static final int SLOW_CONNECTION = 2 * 1024; // Kbps
     private static final int MAX_BITMAP_SIZE = 100 * 1024 * 1024; // RecordingCanvas.MAX_BITMAP_SIZE
+    private static final int MAX_SVG_SIZE = 1024 * 1024; // bytes
 
     // https://developer.android.com/guide/topics/media/media-formats#image-formats
     static final List<String> IMAGE_TYPES = Collections.unmodifiableList(Arrays.asList(
@@ -277,8 +278,8 @@ class ImageHelper {
     }
 
     @NonNull
-    static Bitmap renderSvg(InputStream is, int fillColor, int scaleToPixels) throws IOException {
-        try {
+    static Bitmap renderSvg(InputStream _is, int fillColor, int scaleToPixels) throws IOException {
+        try (InputStream is = new Helper.MaximumLengthStream(_is, 1024 * 1024)) {
             // https://bugzilla.mozilla.org/show_bug.cgi?id=455100
             // https://bug1105796.bmoattachments.org/attachment.cgi?id=8529795
             // https://github.com/BigBadaboom/androidsvg/issues/122#issuecomment-361902061