diff --git a/libavformat/evc.c b/libavformat/evc.c
index a194da1c39..79463ba018 100644
--- a/libavformat/evc.c
+++ b/libavformat/evc.c
@@ -120,6 +120,9 @@ static int evcc_parse_sps(const uint8_t *bs, int bs_size, EVCDecoderConfiguratio
     int sps_seq_parameter_set_id;
     EVCSPS sps;
 
+    bs += EVC_NALU_HEADER_SIZE;
+    bs_size -= EVC_NALU_HEADER_SIZE;
+
     if (init_get_bits8(&gb, bs, bs_size) < 0)
         return 0;
 
@@ -368,6 +371,10 @@ int ff_isom_write_evcc(AVIOContext *pb, const uint8_t *data,
         if (bytes_to_read < nalu_size) break;
 
         nalu_type = evc_get_nalu_type(data, bytes_to_read, pb);
+        if (nalu_type < EVC_NOIDR_NUT || nalu_type > EVC_UNSPEC_NUT62) {
+            ret = AVERROR_INVALIDDATA;
+            goto end;
+        }
 
         // @see ISO/IEC 14496-15:2021 Coding of audio-visual objects - Part 15: section 12.3.3.3
         // NAL_unit_type indicates the type of the NAL units in the following array (which shall be all of that type);
diff --git a/tests/ref/lavf-fate/evc.mp4 b/tests/ref/lavf-fate/evc.mp4
index b0afa350ac..4b410b84f3 100644
--- a/tests/ref/lavf-fate/evc.mp4
+++ b/tests/ref/lavf-fate/evc.mp4
@@ -1,3 +1,3 @@
-55294f868fa3b31d34a48344c4f72630 *tests/data/lavf-fate/lavf.evc.mp4
+885fb330b20632b88ef9d7fb03dfa2e9 *tests/data/lavf-fate/lavf.evc.mp4
 37386 tests/data/lavf-fate/lavf.evc.mp4
 tests/data/lavf-fate/lavf.evc.mp4 CRC=0x48063f85