diff --git a/gajim/common/connection_handlers.py b/gajim/common/connection_handlers.py
index 480dfcc1b..b17d7af09 100644
--- a/gajim/common/connection_handlers.py
+++ b/gajim/common/connection_handlers.py
@@ -30,6 +30,7 @@
 
 import os
 import base64
+import binascii
 import operator
 import hashlib
 
@@ -445,7 +446,11 @@ class ConnectionVcard:
                 avatar_sha = None
                 photo_decoded = None
             else:
-                photo_decoded = base64.b64decode(photo.encode('utf-8'))
+                try:
+                    photo_decoded = base64.b64decode(photo.encode('utf-8'))
+                except binascii.Error as error:
+                    app.log('avatar').warning('Invalid Avatar: %s', error)
+                    return None, None
                 avatar_sha = hashlib.sha1(photo_decoded).hexdigest()
 
         return avatar_sha, photo_decoded
diff --git a/gajim/common/connection_handlers_events.py b/gajim/common/connection_handlers_events.py
index 39abdb1da..3972e9d51 100644
--- a/gajim/common/connection_handlers_events.py
+++ b/gajim/common/connection_handlers_events.py
@@ -24,6 +24,7 @@
 from calendar import timegm
 import datetime
 import hashlib
+import binascii
 import base64
 import hmac
 import logging
@@ -599,7 +600,11 @@ class PubsubAvatarReceivedEvent(nec.NetworkIncomingEvent):
             log.warning('Received malformed avatar data via pubsub')
             log.warning(self.stanza)
             return
-        self.data = base64.b64decode(self.data.encode('utf-8'))
+        try:
+            self.data = base64.b64decode(self.data.encode('utf-8'))
+        except binascii.Error as err:
+            log.warning('Received malformed avatar data via pubsub: %s' % err)
+            return
 
         return True
 
diff --git a/gajim/vcard.py b/gajim/vcard.py
index bc237d722..1f0a9e166 100644
--- a/gajim/vcard.py
+++ b/gajim/vcard.py
@@ -36,6 +36,7 @@ from gi.repository import GLib
 from gi.repository import Gdk
 from gi.repository import GdkPixbuf
 import base64
+import binascii
 import time
 import locale
 import os
@@ -210,7 +211,12 @@ class VcardWindow:
                 photo_encoded = vcard[i]['BINVAL']
                 if photo_encoded == '':
                     continue
-                photo_decoded = base64.b64decode(photo_encoded.encode('utf-8'))
+                try:
+                    photo_decoded = base64.b64decode(
+                        photo_encoded.encode('utf-8'))
+                except binascii.Error as error:
+                    app.log('avatar').warning('Invalid Avatar: %s', error)
+                    continue
                 pixbuf = gtkgui_helpers.get_pixbuf_from_data(photo_decoded)
                 if pixbuf is None:
                     continue