diff --git a/src/bmp.cpp b/src/bmp.cpp
--- a/src/bmp.cpp
+++ b/src/bmp.cpp
@@ -367,7 +367,12 @@ bool BmpReadHeader(BmpBuffer *buffer, Bm
 			info->palette_size = ReadDword(buffer); // number of colours in palette
 			SkipBytes(buffer, header_size - 16);    // skip the end of info header
 		}
-		if (info->palette_size == 0) info->palette_size = 1 << info->bpp;
+
+		uint maximum_palette_size = 1U << info->bpp;
+		if (info->palette_size == 0) info->palette_size = maximum_palette_size;
+
+		/* More palette colours than palette indices is not supported. */
+		if (info->palette_size > maximum_palette_size) return false;
 
 		data->palette = CallocT<Colour>(info->palette_size);