diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 28dbd2357be..d96e2f2a6f5 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -693,6 +693,13 @@ Bug Fixes since HDF5-1.14.0 release
 
     Library
     -------
+    - Fixed potential buffer read overflows in H5PB_read
+
+      H5PB_read previously did not account for the fact that the size of the
+      read it's performing could overflow the page buffer pointer, depending
+      on the calculated offset for the read. This has been fixed by adjusting
+      the size of the read if it's determined that it would overflow the page.
+
     - Fixed CVE-2017-17507
 
       This CVE was previously declared fixed, but later testing with a static
diff --git a/src/H5PB.c b/src/H5PB.c
index fc09cd56e96..69707d14cba 100644
--- a/src/H5PB.c
+++ b/src/H5PB.c
@@ -726,7 +726,7 @@ H5PB_read(H5F_shared_t *f_sh, H5FD_mem_t type, haddr_t addr, size_t size, void *
     if (H5FD_MEM_DRAW == type) {
         last_page_addr = ((addr + size - 1) / page_buf->page_size) * page_buf->page_size;
 
-        /* How many pages does this write span */
+        /* How many pages does this read span */
         num_touched_pages =
             (last_page_addr / page_buf->page_size + 1) - (first_page_addr / page_buf->page_size);
         if (first_page_addr == last_page_addr) {
@@ -835,6 +835,10 @@ H5PB_read(H5F_shared_t *f_sh, H5FD_mem_t type, haddr_t addr, size_t size, void *
                 offset     = (0 == i ? addr - page_entry->addr : 0);
                 buf_offset = (0 == i ? 0 : size - access_size);
 
+                /* Account for reads that would overflow a page */
+                if (offset + access_size > page_buf->page_size)
+                    access_size = page_buf->page_size - offset;
+
                 /* copy the requested data from the page into the input buffer */
                 H5MM_memcpy((uint8_t *)buf + buf_offset, (uint8_t *)page_entry->page_buf_ptr + offset,
                             access_size);
@@ -905,6 +909,11 @@ H5PB_read(H5F_shared_t *f_sh, H5FD_mem_t type, haddr_t addr, size_t size, void *
                 /* Copy the requested data from the page into the input buffer */
                 offset     = (0 == i ? addr - search_addr : 0);
                 buf_offset = (0 == i ? 0 : size - access_size);
+
+                /* Account for reads that would overflow a page */
+                if (offset + access_size > page_buf->page_size)
+                    access_size = page_buf->page_size - offset;
+
                 H5MM_memcpy((uint8_t *)buf + buf_offset, (uint8_t *)new_page_buf + offset, access_size);
 
                 /* Create the new PB entry */