diff --git a/ChangeLog b/ChangeLog
index 78664d0545..b459887ec3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,9 @@ Security
    * Fix potential double free if ssl_set_psk() is called more than once and
      some allocation fails. Cannot be forced remotely. Found by Guido Vranken,
      Intelworks.
+   * Fix potential heap corruption on Windows when
+     x509_crt_parse_path() is passed a path longer than 2GB. Cannot be
+     triggered remotely. Found by Guido Vranken, Interlworks.
 
 = mbed TLS 1.3.14 released 2015-10-06
 
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 3fb2b686ec..200f6bbab2 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -973,7 +973,7 @@ int x509_crt_parse_path( x509_crt *chain, const char *path )
     WCHAR szDir[MAX_PATH];
     char filename[MAX_PATH];
     char *p;
-    int len = (int) strlen( path );
+    size_t len = strlen( path );
 
     WIN32_FIND_DATAW file_data;
     HANDLE hFind;
@@ -1007,7 +1007,7 @@ int x509_crt_parse_path( x509_crt *chain, const char *path )
 
         w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
                                      lstrlenW( file_data.cFileName ),
-                                     p, len - 1,
+                                     p, (int) len - 1,
                                      NULL, NULL );
         if( w_ret == 0 )
             return( POLARSSL_ERR_X509_FILE_IO_ERROR );