diff --git a/src/api/image.rs b/src/api/image.rs
index 9e67fa3..c32a7c6 100644
--- a/src/api/image.rs
+++ b/src/api/image.rs
@@ -15,6 +15,8 @@ use std::sync::LazyLock;
 const MAX_IMAGE_DIMENSION: u32 = 4096;
 #[cfg(feature = "server")]
 const DEFAULT_JPEG_QUALITY: u8 = 85;
+#[cfg(feature = "server")]
+pub const MAX_IMAGE_PIXELS: u32 = 100_000_000; // ~10k x 10k
 
 #[cfg(feature = "server")]
 #[derive(Debug, Clone)]
diff --git a/src/webp.rs b/src/webp.rs
index cfb0199..b0a9ae2 100644
--- a/src/webp.rs
+++ b/src/webp.rs
@@ -86,6 +86,15 @@ pub fn decode(data: &[u8]) -> Result<image::DynamicImage, WebpError> {
     let height = info.height;
     let has_alpha = info.has_alpha;
 
+    let pixel_count = (width as u64) * (height as u64);
+
+    if pixel_count > crate::api::image::MAX_IMAGE_PIXELS as u64 {
+        return Err(WebpError::Decode(format!(
+            "Image dimensions {}x{} exceed maximum allowed pixels",
+            width, height
+        )));
+    }
+
     let buf_size = decoder
         .output_buffer_size()
         .ok_or_else(|| WebpError::Decode("Image too large".to_string()))?;