diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
index 4d505e6..b50a7f4 100644
--- a/libvncserver/rfbserver.c
+++ b/libvncserver/rfbserver.c
@@ -2594,7 +2594,9 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)
 * argument. Here we check that the value fits into all of them to
 * prevent from misinterpretation and thus from accessing uninitialized
 * memory. CVE-2018-7225 */
- if (msg.cct.length > SIZE_MAX || msg.cct.length > INT_MAX - sz_rfbClientCutTextMsg) {
+ /* But first to prevent from a denial-of-service by allocating to much
+ * memory in the server, we impose a limit of 1 MB. */
+ if (msg.cct.length > 1<<20 || msg.cct.length > SIZE_MAX || msg.cct.length > INT_MAX - sz_rfbClientCutTextMsg) {
 rfbLog("rfbClientCutText: too big cut text length requested: %" PRIu32 "\n", msg.cct.length);
 rfbCloseClient(cl);