diff --git a/ChangeLog b/ChangeLog
index 01197f30c..866a3c7cc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2019-02-25  Boruch Baum  <boruch_baum@gmx.com>
+
+	* w3m-favicon.el (w3m-favicon-convert): bugfix: check string bounds
+	before use (Andres Ramirez <rrandresf@gmail.com> [emacs-w3m:13266])
+
 2019-02-25  Boruch Baum  <boruch_baum@gmx.com>, TSUCHIYA Masatoshi  <tsuchiya@namazu.org>
 
 	* octet.el: Documentation update
diff --git a/w3m-favicon.el b/w3m-favicon.el
index cd8d89df9..b0d75e42e 100644
--- a/w3m-favicon.el
+++ b/w3m-favicon.el
@@ -240,9 +240,11 @@ favicon is ready."
   "Convert the favicon DATA in TYPE to the favicon image and return it."
   (when (or (not (eq type 'ico))
 	    ;; Is it really in the ico format?
-	    (string-equal "\x00\x00\x01\x00" (substring data 0 4))
+	    (and (>= (length data) 4)
+                 (string-equal "\x00\x00\x01\x00" (substring data 0 4)))
 	    ;; Some icons named favicon.ico are animated GIFs.
-	    (and (member (substring data 0 5) '("GIF87" "GIF89"))
+	    (and (>= (length data) 5)
+                 (member (substring data 0 5) '("GIF87" "GIF89"))
 		 (setq type 'gif)))
     (let ((height (or (cdr w3m-favicon-size)
 		      (w3m-static-if (featurep 'xemacs)