diff --git a/smartmontools/ChangeLog b/smartmontools/ChangeLog
index 9e3bc6f81beb1a157eba755035529bac23f3d371..ec6b6757617f4709653a84729b320cab81b88c20 100644
--- a/smartmontools/ChangeLog
+++ b/smartmontools/ChangeLog
@@ -1,5 +1,11 @@
 $Id$
 
+2021-11-29 Christian Franke <franke@computer.org>
+
+ smartctl.cpp: Fix possible buffer overflow (#1546).
+ An overflow of 1-2 bytes occurred only if the '-n' option
+ was specified with an invalid argument.
+
 2021-11-28 Christian Franke <franke@computer.org>
 
 smartd.cpp: Fix write of ATA attributes to state files.
diff --git a/smartmontools/smartctl.cpp b/smartmontools/smartctl.cpp
index 35f839ebe8b63604148ce5e77e6e1cdb723370b3..6bb986548657d60528419a331c3786773d34a475 100644
--- a/smartmontools/smartctl.cpp
+++ b/smartmontools/smartctl.cpp
@@ -871,7 +871,7 @@ static int parse_options(int argc, char** argv, const char * & type,
 else {
 int n1 = -1, n2 = -1, n3 = -1, len = strlen(optarg);
 char s[7+1]; unsigned i = FAILPOWER, j = 0;
- sscanf(optarg, "%9[a-z]%n,%u%n,%u%n", s, &n1, &i, &n2, &j, &n3);
+ sscanf(optarg, "%7[a-z]%n,%u%n,%u%n", s, &n1, &i, &n2, &j, &n3);
 if (!((n1 == len || n2 == len || n3 == len) && i <= 255 && j <= 255))
 badarg = true;
 else if (!strcmp(s, "sleep")) {
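Review bot: The `%7` field width in the sscanf format and the `char s[7+1]` declaration one line above it are still two independent literals, so the 1-2 byte overflow this commit fixes can return whenever one is edited without the other. A comment on the declaration would tie them together, and initialising the buffer keeps `s` defined when the argument does not begin with a lowercase letter and sscanf stores nothing: `char s[7+1] = ""; // size must be the %7[a-z] field width below plus 1 for the NUL`. The strcmp() on `s` appears to be reached only after the n1/n2/n3 length check has passed, so the uninitialised read looks unreachable today, but that rests on branches outside this hunk. parse_options starts before the hunk and continues past it.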