diff --git a/release_docs/CHANGELOG.md b/release_docs/CHANGELOG.md
index d08176bc677..288f2632a61 100644
--- a/release_docs/CHANGELOG.md
+++ b/release_docs/CHANGELOG.md
@@ -557,6 +557,12 @@ Added Fortran wrapper h5fdsubfiling_get_file_mapping_f() for the subfiling file
 
 ## Library
 
+### Fixed security issue CVE-2025-2926
+
+    An image size was corrupted and decoded as 0 resulting in a NULL image buffer, which caused a NULL pointer dereference when the image was being copied to the buffer. This has been fixed with additional image size check.
+
+    Fixes GitHub issue #5384
+
 ### Fixed security issue CVE-2025-2915 and OSV-2024-381
 
     Fixed a heap-based buffer overflow in H5F__accum_free caused by an integer overflow when calculating new_accum_size. Added validation in H5O__mdci_decode to detect and reject invalid values early, preventing the overflow condition.
diff --git a/src/H5Ocache.c b/src/H5Ocache.c
index b67ac9a3759..fb1f5dc0658 100644
--- a/src/H5Ocache.c
+++ b/src/H5Ocache.c
@@ -595,18 +595,22 @@ H5O__cache_free_icr(void *_thing)
 static herr_t
 H5O__cache_chk_get_initial_load_size(void *_udata, size_t *image_len)
 {
-    const H5O_chk_cache_ud_t *udata = (const H5O_chk_cache_ud_t *)_udata; /* User data for callback */
+    const H5O_chk_cache_ud_t *udata     = (const H5O_chk_cache_ud_t *)_udata; /* User data for callback */
+    herr_t                    ret_value = SUCCEED;
 
-    FUNC_ENTER_PACKAGE_NOERR
+    FUNC_ENTER_PACKAGE
 
     assert(udata);
     assert(udata->oh);
     assert(image_len);
 
     /* Set the image length size */
+    if (udata->size == 0)
+        HGOTO_ERROR(H5E_OHDR, H5E_BADVALUE, FAIL, "invalid size of image");
     *image_len = udata->size;
 
-    FUNC_LEAVE_NOAPI(SUCCEED)
+done:
+    FUNC_LEAVE_NOAPI(ret_value)
 } /* end H5O__cache_chk_get_initial_load_size() */
 
 /*-------------------------------------------------------------------------
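Review bot: The new zero-size rejection in H5O__cache_chk_get_initial_load_size carries no explanation, and the surviving comment `/* Set the image length size */` now sits above the check rather than the assignment it describes, so a reader cannot tell from the code why a size of 0 is an error. The changelog hunk in this same commit gives the reason (a corrupted chunk size decoded as 0 yields a NULL image buffer and a NULL dereference when the image is copied), and that rationale belongs next to the check, e.g. `/* A corrupted chunk size decoded as 0 would give a NULL image buffer and a NULL dereference on copy (CVE-2025-2926, GH #5384) */` placed directly above the `if`, with the original comment moved down to the `*image_len = udata->size;` line. The check rejects only 0; whether udata->size also needs an upper bound against the enclosing object header is not visible in this hunk, so I only flag it as something to confirm where the size is decoded.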