diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index d880297a92..de4daf7546 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -655,7 +655,7 @@ static void boxes_check(size_t b,size_t m)
         auto p = reinterpret_cast<char*>(boxBuf.pData_);
         bool          bWroteColor = false ;
 
-        while ( count < length || !bWroteColor ) {
+        while ( count < length && !bWroteColor ) {
             enforce(sizeof(Jp2BoxHeader) <= length - count, Exiv2::kerCorruptedMetadata);
             auto pSubBox = reinterpret_cast<Jp2BoxHeader*>(p + count);
 
diff --git a/test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2 b/test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
new file mode 100644
index 0000000000..47ad82ee71
Binary files /dev/null and b/test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2 differ
diff --git a/tests/bugfixes/github/test_issue_ghsa_8949_hhfh_j7rj.py b/tests/bugfixes/github/test_issue_ghsa_8949_hhfh_j7rj.py
index c98b3815eb..44f6a906cb 100644
--- a/tests/bugfixes/github/test_issue_ghsa_8949_hhfh_j7rj.py
+++ b/tests/bugfixes/github/test_issue_ghsa_8949_hhfh_j7rj.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 
-from system_tests import CaseMeta, path
-
+from system_tests import CaseMeta, CopyTmpFiles, path
+@CopyTmpFiles("$data_path/issue_ghsa_8949_hhfh_j7rj_poc.jp2","$data_path/issue_ghsa_8949_hhfh_j7rj_poc.exv")
 
 class Jp2ImageEncodeJp2HeaderOutOfBoundsRead(metaclass=CaseMeta):
     """
@@ -10,13 +10,12 @@ class Jp2ImageEncodeJp2HeaderOutOfBoundsRead(metaclass=CaseMeta):
     """
     url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj"
 
-    filename1 = path("$data_path/issue_ghsa_8949_hhfh_j7rj_poc.jp2")
-    filename2 = path("$data_path/issue_ghsa_8949_hhfh_j7rj_poc.exv")
+    filename1 = path("$tmp_path/issue_ghsa_8949_hhfh_j7rj_poc.jp2")
+    filename2 = path("$tmp_path/issue_ghsa_8949_hhfh_j7rj_poc.exv")
     commands = ["$exiv2 in $filename1"]
     stdout = [""]
     stderr = [
 """Error: XMP Toolkit error 201: XML parsing failure
 Warning: Failed to decode XMP metadata.
-$filename1: Could not write metadata to file: $kerCorruptedMetadata
 """]
-    retval = [1]
+    retval = [0]
diff --git a/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py b/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py
new file mode 100644
index 0000000000..8f8b6676cf
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, CopyTmpFiles, path, check_no_ASAN_UBSAN_errors
+@CopyTmpFiles("$data_path/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2")
+
+class Jp2ImageEncodeJp2HeaderOutOfBoundsRead2(metaclass=CaseMeta):
+    """
+    Regression test for the bug described in:
+    https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
+    """
+    url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v"
+
+    filename = path("$tmp_path/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2")
+    commands = ["$exiv2 rm $filename"]
+    stdout = [""]
+    retval = [0]
+
+    compare_stderr = check_no_ASAN_UBSAN_errors