diff --git a/src/audio/codec/dts/dts.c b/src/audio/codec/dts/dts.c
index cd1da3363517..bc4795055576 100644
--- a/src/audio/codec/dts/dts.c
+++ b/src/audio/codec/dts/dts.c
@@ -328,9 +328,15 @@ static int dts_codec_apply_config(struct processing_module *mod)
 /* Allow for multiple module_params to be packed into the data pointed to by config */
+ param_header_size = sizeof(param->id) + sizeof(param->size);
 for (i = 0; i < config_data_size; param_number++) {
+ /* Need at least a param header in the remaining bytes to read id/size */
+ if (config_data_size - i < param_header_size) {
+ comp_err(dev, "param header truncated");
+ return -EINVAL;
+ }
+
 param = (struct module_param *)((char *)config->data + i);
- param_header_size = sizeof(param->id) + sizeof(param->size);
 /* If param->size is less than param_header_size, then this param is not valid */
 if (param->size < param_header_size) {
@@ -338,6 +344,13 @@ static int dts_codec_apply_config(struct processing_module *mod)
 return -EINVAL;
 }
+ /* The whole param (header + data) must fit in the remaining config data */
+ if (param->size > config_data_size - i) {
+ comp_err(dev, "param size %u exceeds remaining %u",
+ param->size, config_data_size - i);
+ return -EINVAL;
+ }
+
 /* Only process param->data if it has size greater than 0 */
 if (param->size > param_header_size) {
 /* Calculate size of param->data */
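Review bot: The cast `param = (struct module_param *)((char *)config->data + i)` in the first hunk is still made at an arbitrary byte offset, and the new truncation check covers length only, not alignment. The statement that advances `i` is outside this hunk; if it adds `param->size`, a param whose size is not a multiple of the struct's alignment leaves the next header misaligned, which can fault on targets that do not permit unaligned loads. Unless `struct module_param` is declared packed or the blob format already guarantees aligned sizes (neither is visible here), consider copying the header out before reading it, e.g. `memcpy(&hdr, (char *)config->data + i, param_header_size);`, and validating `hdr.size` from that copy. The body of `dts_codec_apply_config` starts and ends outside the hunk.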
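Review bot: The bounds check `param->size > config_data_size - i` in the second hunk is written as a subtraction for a reason the comment does not record. The sum `i + param->size` could wrap for a large size field, while the difference stays positive because the loop condition keeps `i < config_data_size`. I would extend the comment to say so, e.g. `/* Compare with the bytes left, not i + param->size, which could wrap */`, so a later cleanup does not rewrite it into the overflowing form. The `%u` specifiers in the new `comp_err` call also assume both arguments are unsigned int sized; the declarations of `i` and `config_data_size` are outside the hunk, so that is worth confirming.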