diff --git a/index.js b/index.js
index f0348fc..348ebd8 100644
--- a/index.js
+++ b/index.js
@@ -117,7 +117,12 @@ module.exports.verify = function(jwtString, secretOrPublicKey, options, callback
 
   }
 
-  var decodedToken = jws.decode(jwtString);
+  var decodedToken;
+  try {
+    decodedToken = jws.decode(jwtString);
+  } catch(err) {
+    return done(new JsonWebTokenError('invalid token'));
+  }
 
   if (!decodedToken) {
     return done(new JsonWebTokenError('invalid token'));