diff --git a/gltf.go b/gltf.go
index c833cd1..182a269 100644
--- a/gltf.go
+++ b/gltf.go
@@ -2,6 +2,7 @@ package gltf
 
 import (
 	"encoding/base64"
+	"errors"
 	"strings"
 	"sync"
 )
@@ -133,6 +134,9 @@ func (b *Buffer) marshalData() ([]byte, error) {
 		return nil, nil
 	}
 	startPos := len(mimetypeApplicationOctet) + 1
+	if len(b.URI) < startPos {
+		return nil, errors.New("gltf: Invalid base64 content")
+	}
 	sl, err := base64.StdEncoding.DecodeString(b.URI[startPos:])
 	if len(sl) == 0 || err != nil {
 		return nil, err
diff --git a/gltf_test.go b/gltf_test.go
index c33a359..eea3ad5 100644
--- a/gltf_test.go
+++ b/gltf_test.go
@@ -96,6 +96,7 @@ func TestBuffer_marshalData(t *testing.T) {
 		{"empty", &Buffer{URI: "data:application/octet-stream;base64,"}, nil, false},
 		{"test", &Buffer{URI: "data:application/octet-stream;base64,TEST"}, []byte{76, 68, 147}, false},
 		{"complex", &Buffer{URI: "data:application/octet-stream;base64,YW55IGNhcm5hbCBwbGVhcw=="}, []byte{97, 110, 121, 32, 99, 97, 114, 110, 97, 108, 32, 112, 108, 101, 97, 115}, false},
+		{"invalid", &Buffer{URI: "data:application/octet-stream;base64"}, nil, true},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {