diff --git a/NEWS b/NEWS
index fd9a08f0f40..e6e36301a88 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,10 @@ PHP NEWS
 . Fixed bug GH-16316 (DOMXPath breaks when not initialized properly). (nielsdos)
+- MBstring:
+ . Fixed bug GH-16361 (mb_substr overflow on start/length arguments).
+ (David Carlier)
+
 - PHPDBG:
 . Fixed bug GH-16174 (Empty string is an invalid expression for ev). (cmb)
diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
index bab35c0c1a5..9c2ecc44550 100644
--- a/ext/mbstring/mbstring.c
+++ b/ext/mbstring/mbstring.c
@@ -2326,6 +2326,16 @@ PHP_FUNCTION(mb_substr)
 Z_PARAM_STR_OR_NULL(encoding)
 ZEND_PARSE_PARAMETERS_END();
+ if (from == ZEND_LONG_MIN) {
+ zend_argument_value_error(2, "must be between " ZEND_LONG_FMT " and " ZEND_LONG_FMT, (ZEND_LONG_MIN + 1), ZEND_LONG_MAX);
+ RETURN_THROWS();
+ }
+
+ if (!len_is_null && len == ZEND_LONG_MIN) {
+ zend_argument_value_error(3, "must be between " ZEND_LONG_FMT " and " ZEND_LONG_FMT, (ZEND_LONG_MIN + 1), ZEND_LONG_MAX);
+ RETURN_THROWS();
+ }
+
 const mbfl_encoding *enc = php_mb_get_encoding(encoding, 4);
 if (!enc) {
 RETURN_THROWS();
diff --git a/ext/mbstring/tests/gh16360.phpt b/ext/mbstring/tests/gh16360.phpt
new file mode 100644
index 00000000000..4e2e8fb4bfc
--- /dev/null
+++ b/ext/mbstring/tests/gh16360.phpt
@@ -0,0 +1,23 @@
+--TEST--
+GH-16320 mb_substr overflow from negative length
+--EXTENSIONS--
+mbstring
+--FILE--
+getMessage() . PHP_EOL;
+}
+try {
+ mb_substr("abcd", 0, PHP_INT_MIN, "UTF-8");
+} catch (\ValueError $e) {
+ echo $e->getMessage() . PHP_EOL;
+}
+var_dump(mb_substr("abcd", PHP_INT_MAX, PHP_INT_MAX, "UTF-8"));
+?>
+--EXPECTF--
+mb_substr(): Argument #2 ($start) must be between %s and %s
+mb_substr(): Argument #3 ($length) must be between %s and %s
+string(0) ""
+
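Review bot: Nothing in the ext/mbstring/mbstring.c hunk says why exactly `ZEND_LONG_MIN` is rejected for `$start` and `$length`, and the code that consumes `from` and `len` lies outside the hunk, so a later reader cannot tell these two guards from an arbitrary range limit. Presumably the value is excluded because it cannot be negated without signed overflow; if that is the reason, a comment above the first check such as `/* ZEND_LONG_MIN has no positive counterpart, so negating from/len further down would overflow */` would record it. The two `zend_argument_value_error()` calls also repeat the same format string and bounds, so an edit to one message can drift from the other without anyone noticing.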
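Review bot: The issue number in ext/mbstring/tests/gh16360.phpt is inconsistent with the rest of the commit: the `--TEST--` title says `GH-16320`, the file is named `gh16360.phpt`, and the NEWS entry says `GH-16361`. Whichever is correct should be used in all three places so the regression test can be found from the bug report. The visible cases cover only the rejected value and `PHP_INT_MAX`, never the nearest accepted value. Adding `var_dump(mb_substr("abcd", PHP_INT_MIN + 1, PHP_INT_MIN + 1, "UTF-8"));` with its expected output would pin the boundary the new guard draws.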