diff -r 3f841a46eab5 -r 45e2bb06c88d librazor/rpm.c
--- a/librazor/rpm.c	Fri Oct 17 10:10:57 2014 +0100
+++ b/librazor/rpm.c	Fri Apr 15 16:57:55 2016 +0100
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008  Kristian Høgsberg <krh@redhat.com>
  * Copyright (C) 2008  Red Hat, Inc
- * Copyright (C) 2009, 2011, 2012  J. Ali Harlow <ali@juiblex.co.uk>
+ * Copyright (C) 2009, 2011, 2012, 2014  J. Ali Harlow <ali@juiblex.co.uk>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -49,7 +49,19 @@
 #define O_BINARY	0
 #endif
 
-#define	RPM_LEAD_SIZE 96
+struct rpm_lead {
+	unsigned char magic[4];
+	unsigned char major, minor;
+	short type;
+	short archnum;
+	char name[66];
+	short osnum;
+	short signature_type;
+	char reserved[16];
+};
+
+#define	RPM_LEAD_SIZE sizeof(struct rpm_lead)
+#define	RPM_LEAD_MAGIC "\xED\xAB\xEE\xDB"
 
 enum {
     PIPE	=  1,	/*!< pipe/fifo */
@@ -610,6 +622,7 @@
 RAZOR_EXPORT struct razor_rpm *
 razor_rpm_open(const char *filename, struct razor_error **error)
 {
+	struct rpm_lead *lead;
 	struct razor_rpm *rpm;
 	struct rpm_header_index *base, *index;
 	unsigned int count, i, nindex, hsize;
@@ -631,6 +644,16 @@
 		return NULL;
 	}
 
+	lead = rpm->map;
+	if (rpm->size < RPM_LEAD_SIZE ||
+	    strncmp(lead->magic,RPM_LEAD_MAGIC,4) || lead->major != 3) {
+		razor_rpm_close(rpm);
+		razor_set_error(error, RAZOR_GENERAL_ERROR,
+				RAZOR_GENERAL_ERROR_RPM_UNSUPPORTED,
+				filename, "Not a recognized RPM format file");
+		return NULL;
+	}
+
 	rpm->signature = rpm->map + RPM_LEAD_SIZE;
 	nindex = ntohl(rpm->signature->nindex);
 	hsize = ntohl(rpm->signature->hsize);