diff --git a/camera/metadata/src/camera_metadata_info.cpp b/camera/metadata/src/camera_metadata_info.cpp
index 3b99e02753894192c0d22296ef803efe9d37ad9b..e081c5e7270e65cd4e0eddd907ae3420f98ea128 100644
--- a/camera/metadata/src/camera_metadata_info.cpp
+++ b/camera/metadata/src/camera_metadata_info.cpp
@@ -930,6 +930,10 @@ int CameraMetadata::MetadataExpandItemMem(common_metadata_header_t *dst, camera_
         METADATA_ERR_LOG("MetadataExpandItemMem GetMetadataData failed");
         return CAM_META_FAILURE;
     }
+    if (item->data.offset > UINT32_MAX - oldItemSize || item->data.offset + oldItemSize >= dst->data_capacity) {
+        METADATA_ERR_LOG("MetadataExpandItemMem GetMetadataData failed");
+        return CAM_META_FAILURE;
+    }
     uint8_t *start = dstMetadataData + item->data.offset;
     uint8_t *end = start + oldItemSize;
     size_t length = dst->data_count - item->data.offset - oldItemSize;