diff --git a/cJSON.c b/cJSON.c
index 88c2d95b..77a0e0e0 100644
--- a/cJSON.c
+++ b/cJSON.c
@@ -351,6 +351,10 @@ static cJSON_bool parse_number(cJSON * const item, parse_buffer * const input_bu
 default:
 goto loop_end;
 }
+ if (number_string_length > CJSON_NUMBER_LENGTH_LIMIT)
+ {
+ return false;
+ }
 }
 loop_end:
 /* malloc for temporary buffer, add 1 for '\0' */
diff --git a/cJSON.h b/cJSON.h
index cab5feb4..46a53825 100644
--- a/cJSON.h
+++ b/cJSON.h
@@ -99,6 +99,10 @@ then using the CJSON_API_VISIBILITY flag to "export" the same symbols the way CJ
 #define cJSON_IsReference 256
 #define cJSON_StringIsConst 512
 
+#ifndef CJSON_NUMBER_LENGTH_LIMIT
+#define CJSON_NUMBER_LENGTH_LIMIT 512
+#endif
+
 /* The cJSON structure: */
 typedef struct cJSON
 {
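Review bot: The length check added inside the loop of parse_number in cJSON.c returns false with no comment explaining why a long numeric literal is rejected, and it compares the counter against a macro that a build may redefine. number_string_length is declared outside the hunk, so its type is not visible here; if it is unsigned, an override with a negative value would presumably be converted to a very large number and the guard would never fire. I would add a comment above the check such as `/* bound the length of a numeric literal from untrusted input before the temporary buffer is allocated at loop_end; exactly CJSON_NUMBER_LENGTH_LIMIT characters is still accepted */`. The function starts and ends outside the hunk, so whether any earlier state needs releasing before this early return cannot be confirmed from the visible lines.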
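Review bot: CJSON_NUMBER_LENGTH_LIMIT is added to cJSON.h without a comment, so someone overriding it cannot tell what it counts or what happens when the limit is exceeded. I would document it directly above the `#ifndef`, for example `/* Maximum number of characters in a numeric literal; longer numbers make parsing fail. Define at build time to override. */`. Because the value is overridable, a compile-time sanity check such as `#if CJSON_NUMBER_LENGTH_LIMIT < 1` followed by `#error "CJSON_NUMBER_LENGTH_LIMIT must be positive"` would catch a zero or negative definition, which would otherwise reject every number or, if the counter in cJSON.c is unsigned, silently disable the check.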