diff --git a/src/core/cff_parser.js b/src/core/cff_parser.js
index ad563e208..41d009fb9 100644
--- a/src/core/cff_parser.js
+++ b/src/core/cff_parser.js
@@ -546,6 +546,13 @@ class CFFParser {
 stackSize++;
 } else if (value === 19 || value === 20) {
 state.hints += stackSize >> 1;
+ if (state.hints === 0) {
+ // Not a valid value (see bug 1529502): just remove it.
+ data.copyWithin(j - 1, j, -1);
+ j -= 1;
+ length -= 1;
+ continue;
+ }
 // skipping right amount of hints flag data
 j += (state.hints + 7) >> 3;
 stackSize %= 2;
diff --git a/test/pdfs/.gitignore b/test/pdfs/.gitignore
index 0422f7d58..3a8fe4d15 100644
--- a/test/pdfs/.gitignore
+++ b/test/pdfs/.gitignore
@@ -595,3 +595,4 @@
 !bug1825002.pdf
 !issue14755.pdf
 !issue16473.pdf
+!bug1529502.pdf
diff --git a/test/pdfs/bug1529502.pdf b/test/pdfs/bug1529502.pdf
new file mode 100644
index 000000000..502689128
Binary files /dev/null and b/test/pdfs/bug1529502.pdf differ
diff --git a/test/test_manifest.json b/test/test_manifest.json
index 2c159458b..72e2e102c 100644
--- a/test/test_manifest.json
+++ b/test/test_manifest.json
@@ -7676,5 +7676,12 @@
 "link": true,
 "forms": true,
 "type": "eq"
+ },
+ {
+ "id": "bug1529502",
+ "file": "pdfs/bug1529502.pdf",
+ "md5": "4830e765a3d6cb64d39b84de11178f6e",
+ "rounds": 1,
+ "type": "eq"
 }
 ]
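Review bot: In the added `state.hints === 0` branch of the `cff_parser.js` hunk, `data.copyWithin(j - 1, j, -1)` passes an end of `-1`, which `copyWithin` resolves to `data.length - 1` (exclusive), so the final byte of `data` is never shifted down. If `length` still equals `data.length` when this branch first runs (its initialisation is outside the hunk), the last charstring byte is lost and the penultimate one is duplicated at the new end. Bounding the copy by the tracked length, `data.copyWithin(j - 1, j, length);`, would move the whole remaining valid region on the first and any later removal. The branch also rewrites `data` in place while only the local `length` shrinks, so a short comment stating whether callers rely on `data.length` afterwards would help, since this path handles font data taken from the PDF. The enclosing loop starts and ends outside the hunk.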