diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
index 70fb287026..170f42bfcb 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
@@ -94,6 +94,7 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
 private static final int DEFAULT_MAX_RECORD_LENGTH = 200_000_000;
 private static final int MAX_DOCUMENT_SIZE = 100_000_000;
 private static int MAX_RECORD_LENGTH = DEFAULT_MAX_RECORD_LENGTH;
+ private static final int MAX_IMAGE_LENGTH = 10_000_000;
 // Holds metadata on where things are in our document
 private CurrentUserAtom currentUser;
@@ -407,7 +408,7 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
 EscherContainerRecord blipStore = getBlipStore();
 byte[] pictstream;
 try (DocumentInputStream is = getDirectory().createDocumentInputStream(entry)) {
- pictstream = IOUtils.toByteArray(is, entry.getSize());
+ pictstream = IOUtils.toByteArray(is, entry.getSize(), MAX_IMAGE_LENGTH);
 }
 List factories = new ArrayList<>();
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
index c0572750b6..7b85af8ad9 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
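Review bot: `MAX_IMAGE_LENGTH` is added without a comment and as `private static final`, whereas `MAX_RECORD_LENGTH` on the line above is non-final (presumably adjustable through a setter outside this hunk), so a caller processing trusted, image-heavy files has no way to raise the new cap. A comment such as `// upper bound on the bytes read into pictstream; bounds the allocation driven by the declared entry size` would record why the limit exists. If the project's override pattern for record limits applies here, the constant could follow it as well.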
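Review bot: The cap is checked against `entry.getSize()`, the size of the whole entry read into `pictstream`, while the constant is named `MAX_IMAGE_LENGTH`. If that entry carries every picture in the file (inferred from the blip-store handling; the enclosing method starts and ends outside the hunk), 10,000,000 bytes is a limit on all images combined and legitimate decks could be rejected. Either rename the constant to say what it bounds, or bound each image where the individual picture records are parsed and keep a larger ceiling on the stream as a whole.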
@@ -16,17 +16,23 @@
 ==================================================================== */
 package org.apache.poi.hslf.dev;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-
-import java.io.File;
-import java.util.Collections;
-import java.util.Set;
-
 import org.apache.poi.EmptyFileException;
 import org.apache.poi.hslf.HSLFTestDataSamples;
 import org.junit.jupiter.api.Test;
+import java.io.File;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
 public class TestPPTXMLDump extends BaseTestPPTIterating {
+ static final Set LOCAL_EXCLUDED = new HashSet<>();
+ static {
+ LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt");
+ }
+
 @Test
 void testMain() throws Exception {
 PPTXMLDump.main(new String[0]);
@@ -41,7 +47,13 @@ public class TestPPTXMLDump extends BaseTestPPTIterating {
 @Override
 void runOneFile(File pFile) throws Exception {
- PPTXMLDump.main(new String[]{pFile.getAbsolutePath()});
+ try {
+ PPTXMLDump.main(new String[]{pFile.getAbsolutePath()});
+ } catch (IndexOutOfBoundsException e) {
+ if (!LOCAL_EXCLUDED.contains(pFile.getName())) {
+ throw e;
+ }
+ }
 }
 @Override
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java
index b75bec5178..f3afc851fb 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java
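Review bot: The new try/catch in `runOneFile` passes whether or not the excluded fuzz file throws, so the test neither documents nor pins the current behaviour, and an `IndexOutOfBoundsException` escaping `PPTXMLDump` on malformed input stays invisible. Asserting the exception for files in `LOCAL_EXCLUDED` and running all other files unguarded would make the test fail once the tool handles the file cleanly, which is the moment to drop the exclusion. The same pattern is added to `TestSlideIdListing.runOneFile` with `IllegalArgumentException`; that the two tools fail with different unchecked exceptions on the same file suggests a length or index check is still missing somewhere in the parsing they exercise.

```java
void runOneFile(File pFile) throws Exception {
    String[] args = {pFile.getAbsolutePath()};
    if (LOCAL_EXCLUDED.contains(pFile.getName())) {
        // known fuzz case: the dump tool still fails on this input
        assertThrows(IndexOutOfBoundsException.class, () -> PPTXMLDump.main(args));
    } else {
        PPTXMLDump.main(args);
    }
}
```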
@@ -20,12 +20,19 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
 import java.io.File;
 import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
 import org.apache.poi.EmptyFileException;
 import org.apache.poi.hslf.HSLFTestDataSamples;
 import org.junit.jupiter.api.Test;
 public class TestSlideIdListing extends BaseTestPPTIterating {
+ static final Set LOCAL_EXCLUDED = new HashSet<>();
+ static {
+ LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt");
+ }
+
 @Test
 void testMain() throws IOException {
 // calls System.exit(): SlideIdListing.main(new String[0]);
@@ -37,6 +44,12 @@ public class TestSlideIdListing extends BaseTestPPTIterating {
 @Override
 void runOneFile(File pFile) throws Exception {
- SlideIdListing.main(new String[]{pFile.getAbsolutePath()});
+ try {
+ SlideIdListing.main(new String[]{pFile.getAbsolutePath()});
+ } catch (IllegalArgumentException e) {
+ if (!LOCAL_EXCLUDED.contains(pFile.getName())) {
+ throw e;
+ }
+ }
 }
 }
\ No newline at end of file
diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt
new file mode 100644
index 0000000000..26c74a2cce
Binary files /dev/null and b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt differ
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index a873b632cb..70847a482c 100644
Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ