diff --git a/website/sites/all/modules/contrib/epsacrop/epsacrop.module b/website/sites/all/modules/contrib/epsacrop/epsacrop.module
index 758a9d1..8b59df0 100755
--- a/website/sites/all/modules/contrib/epsacrop/epsacrop.module
+++ b/website/sites/all/modules/contrib/epsacrop/epsacrop.module
@@ -955,6 +955,24 @@ function _epsacrop_add_file($fid, $coords) {
  * @return void
  */
 function _epsacrop_save_coords($fid, $coords) {
+  // Check fid is for a valid file.
+  if ($file = file_load($fid)) {
+
+    $coords_data = drupal_json_decode($coords);
+
+    // We don't know the field so assume there is only one item in the array.
+    $field_coords = array_shift($coords_data[$fid]);
+
+    // Check we have coordinates passed and that they are not larger than the image.
+    if (!empty($field_coords) && (
+        $field_coords['x'] < 0
+        || $field_coords['y'] < 0
+        || $field_coords['x2'] > $file->width
+        || $field_coords['y2'] > $file->height
+      )) {
+      return FALSE;
+    }
+
   $affected = db_update('epsacrop_files')
     ->fields(array(
       'coords' => serialize($coords)
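Review bot: The bounds check is skipped whenever `$field_coords` is empty, so a `$coords` value that fails to decode, or that has no array under `$fid`, still reaches `serialize($coords)` and is stored exactly as received. `array_shift()` also looks at only the first entry, so any further crop entries for the same file are never compared with the image size, and the four keys are read without checking that they exist or are numeric. I would reject input that does not decode to the expected shape and loop over every entry, as sketched below; if an empty payload has to stay valid (for example to clear a crop), test for that case explicitly instead of letting every undecodable value through. The check also assumes `file_load()` returns an object with `width` and `height` set, which is not visible in this hunk and is worth confirming. The function body continues past the end of the hunk.

```php
function _epsacrop_save_coords($fid, $coords) {
  // Check fid is for a valid file.
  if ($file = file_load($fid)) {

    $coords_data = drupal_json_decode($coords);

    // Refuse anything that does not decode to a per-file array of crops.
    if (!is_array($coords_data) || !isset($coords_data[$fid]) || !is_array($coords_data[$fid])) {
      return FALSE;
    }

    // Validate every crop entry for this file, not only the first one.
    foreach ($coords_data[$fid] as $field_coords) {
      if (!is_array($field_coords)
        || !isset($field_coords['x'], $field_coords['y'], $field_coords['x2'], $field_coords['y2'])
        || !is_numeric($field_coords['x']) || !is_numeric($field_coords['y'])
        || !is_numeric($field_coords['x2']) || !is_numeric($field_coords['y2'])) {
        return FALSE;
      }
      if ($field_coords['x'] < 0
        || $field_coords['y'] < 0
        || $field_coords['x2'] > $file->width
        || $field_coords['y2'] > $file->height) {
        return FALSE;
      }
    }

    // … unchanged: db_update('epsacrop_files') and the rest of the body …
```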
@@ -967,6 +985,7 @@ function _epsacrop_save_coords($fid, $coords) {
   }
 
   image_path_flush(_epsacrop_get_uri_from_fid($fid));
+  }
 }
 
 
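Review bot: With the `if ($file = file_load($fid))` block closed here, an unknown `$fid` falls through and returns nothing, which a caller cannot tell apart from a successful save, while the out-of-range path returns `FALSE` and the docblock above the function still says `@return void`. I would add `return TRUE;` after `image_path_flush(...)`, add `return FALSE;` after the new closing brace, and change the docblock to `@return bool`. The `db_update()` and `image_path_flush()` lines now sit inside the new block but keep their old two-space indent, which hides the nesting; re-indenting them would make the scope of the file check obvious. The start of the function is outside this hunk.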
