diff --git a/Tests/images/negative_size.ppm b/Tests/images/negative_size.ppm
new file mode 100755
index 00000000000..257b8c29c8e
--- /dev/null
+++ b/Tests/images/negative_size.ppm
@@ -0,0 +1 @@
+P632 358888888632!
diff --git a/Tests/test_file_ppm.py b/Tests/test_file_ppm.py
index 3adc7a6d15b..9284d422ad4 100644
--- a/Tests/test_file_ppm.py
+++ b/Tests/test_file_ppm.py
@@ -44,5 +44,17 @@ def test_truncated_file(self):
         self.assertRaises(ValueError, lambda: Image.open(path))
 
 
+    def test_neg_ppm(self):
+        """test_neg_ppm
+
+        Storage.c accepted negative values for xsize, ysize.
+        open_ppm is a core debugging item that doesn't check any parameters for
+        sanity. 
+        """
+        
+        with self.assertRaises(ValueError):
+            Image.core.open_ppm('Tests/images/negative_size.ppm')
+
+
 if __name__ == '__main__':
     unittest.main()
diff --git a/libImaging/Storage.c b/libImaging/Storage.c
index f40840671a1..27661bfdb7d 100644
--- a/libImaging/Storage.c
+++ b/libImaging/Storage.c
@@ -406,6 +406,10 @@ ImagingNew(const char* mode, int xsize, int ysize)
     } else
         bytes = strlen(mode); /* close enough */
 
+    if (xsize < 0 || ysize < 0) {
+        return (Imaging) ImagingError_ValueError("bad image size");
+    }
+
     if ((int64_t) xsize * (int64_t) ysize <= THRESHOLD / bytes) {
         im = ImagingNewBlock(mode, xsize, ysize);
         if (im)