diff --git a/CHANGELOG.md b/CHANGELOG.md
index c99a941f5..8e846aa05 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,8 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
- - Changed spiffs write/apped to send in 8192 chucks to ensure its eraised (@mwalker)
+ - Fixed buffer overflow in mfu ndef decode (@mwalker)
+ - Changed spiffs write/append to send in 8192 chunks to ensure its eraised (@mwalker)
  - Fixed spiffs dump to ensure to fails correctly if no big_buff was allocated (@mwalker)
  - Change Client Makefile to respect global flags (@blshkv)
  - Change Makefile, honors global CC values (@blshkv)
diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c
index 2f6e18a53..a1ee42306 100644
--- a/client/src/cmdhfmfu.c
+++ b/client/src/cmdhfmfu.c
@@ -4027,6 +4027,9 @@ int CmdHF14MfuNDEFRead(const char *Cmd) {
         }
     }
 
+    // The following read will read in blocks of 16 bytes.
+    // ensure maxsize is rounded up to a multiple of 16
+    maxsize = maxsize + (16 - (maxsize % 16));
     // allocate mem
     uint8_t *records = calloc(maxsize, sizeof(uint8_t));
     if (records == NULL) {