diff --git a/Tests/LibGfx/TestWOFF2.cpp b/Tests/LibGfx/TestWOFF2.cpp
index 467f022ffb..2cc2b2c067 100644
--- a/Tests/LibGfx/TestWOFF2.cpp
+++ b/Tests/LibGfx/TestWOFF2.cpp
@@ -24,7 +24,8 @@ TEST_CASE(tolerate_incorrect_sfnt_size)
 TEST_CASE(malformed_woff2)
 {
 Array test_inputs = {
- TEST_INPUT("woff2/incorrect_compressed_size.woff2"sv)
+ TEST_INPUT("woff2/incorrect_compressed_size.woff2"sv),
+ TEST_INPUT("woff2/invalid_numtables.woff2"sv)
 };

 for (auto test_input : test_inputs) {
diff --git a/Tests/LibGfx/test-inputs/woff2/invalid_numtables.woff2 b/Tests/LibGfx/test-inputs/woff2/invalid_numtables.woff2
new file mode 100644
index 0000000000..4b37db4f15
Binary files /dev/null and b/Tests/LibGfx/test-inputs/woff2/invalid_numtables.woff2 differ
diff --git a/Userland/Libraries/LibGfx/Font/WOFF2/Font.cpp b/Userland/Libraries/LibGfx/Font/WOFF2/Font.cpp
index ba813a7791..fd24061e16 100644
--- a/Userland/Libraries/LibGfx/Font/WOFF2/Font.cpp
+++ b/Userland/Libraries/LibGfx/Font/WOFF2/Font.cpp
@@ -859,6 +859,8 @@ ErrorOr> Font::try_load_from_externally_owned_memory(Seekabl
 static constexpr size_t MAX_BUFFER_SIZE = 10 * MiB;
 if (header.length > TRY(stream.size()))
 return Error::from_string_literal("Invalid WOFF length");
+ if (header.num_tables == 0 || header.num_tables > NumericLimits::max() / 16)
+ return Error::from_string_literal("Invalid WOFF numTables");
 if (header.total_compressed_size > MAX_BUFFER_SIZE)
 return Error::from_string_literal("Compressed font is more than 10 MiB");
 if (header.meta_length == 0 && header.meta_offset != 0)
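Review bot: The single new fixture `woff2/invalid_numtables.woff2` can exercise only one side of the guard this commit adds in Font.cpp, which rejects both `num_tables == 0` and a count above the upper bound. The file is binary and its contents are not visible here, so a comment beside the entry naming the case it encodes, for example `// numTables above the accepted limit` or `// numTables == 0`, would make the coverage explicit, and a second fixture for the other branch would keep both rejections under regression test. The loop that consumes `test_inputs` continues outside the hunk, so what is asserted for each input cannot be confirmed from these lines.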
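Review bot: The literal `16` in the new `header.num_tables` bound is unexplained, and the guard sits apart from whatever arithmetic it protects. It is presumably the byte size of an sfnt table record, which would make this an overflow guard for a later `num_tables * 16` computation, but that code is outside the hunk; a comment such as `// num_tables * 16 must fit the integer type used when the sfnt header is rebuilt` or a named constant in place of the literal would keep the two from drifting apart. The check also limits the count only arithmetically, so a header that claims thousands of tables in a very small file still passes at this point; if the directory parser does not already stop cleanly on short input, comparing `num_tables` with the remaining stream length here would reject such files early. The template argument of `NumericLimits` is not visible in this rendering, and the function body starts and ends outside the hunk.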