diff --git a/libavformat/pva.c b/libavformat/pva.c
index fda5fc3867..1aad6db29d 100644
--- a/libavformat/pva.c
+++ b/libavformat/pva.c
@@ -31,13 +31,26 @@ typedef struct {
     int continue_pes;
 } PVAContext;
 
+static int pva_check(uint8_t *p) {
+    int length = AV_RB16(p + 6);
+    if (AV_RB16(p) != PVA_MAGIC || !p[2] || p[2] > 2 || p[4] != 0x55 ||
+        (p[5] & 0xe0) || length > PVA_MAX_PAYLOAD_LENGTH)
+        return -1;
+    return length + 8;
+}
+
 static int pva_probe(AVProbeData * pd) {
     unsigned char *buf = pd->buf;
+    int len = pva_check(buf);
 
-    if (AV_RB16(buf) == PVA_MAGIC && buf[2] && buf[2] < 3 && buf[4] == 0x55)
+    if (len < 0)
+        return 0;
+
+    if (pd->buf_size >= len + 8 &&
+        pva_check(buf + len) >= 0)
         return AVPROBE_SCORE_MAX / 2;
 
-    return 0;
+    return AVPROBE_SCORE_MAX / 4;
 }
 
 static int pva_read_header(AVFormatContext *s, AVFormatParameters *ap) {