diff --git a/ChangeLog b/ChangeLog
index a2c6bb3..2a2fe64 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@ Fixes:
 - Remove unreachable code
 - nfc_emulate_uid: cleaner exit on interrupt
 - Fix reporting of modulations and baud rates by nfc-scan-device -v
+ - Fix out-of-bounds access in nfc-mfultralight
 Improvements:
 - Allow ISO14443A to be used at higher baud rates
diff --git a/utils/nfc-mfultralight.c b/utils/nfc-mfultralight.c
index 2a85626..31d6b82 100644
--- a/utils/nfc-mfultralight.c
+++ b/utils/nfc-mfultralight.c
@@ -168,7 +168,8 @@ write_card(void)
 // page (4 bytes). The Ultralight-specific Write command only
 // writes one page at a time.
 uiBlock = page / 4;
- memcpy(mp.mpd.abtData, mtDump.amb[uiBlock].mbd.abtData + ((page % 4) * 4), 16);
+ memcpy(mp.mpd.abtData, mtDump.amb[uiBlock].mbd.abtData + ((page % 4) * 4), 4);
+ memset(mp.mpd.abtData + 4, 0, 12);
 if (!nfc_initiator_mifare_cmd(pnd, MC_WRITE, page, &mp))
 bFailure = true;
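Review bot: The new `memcpy`/`memset` pair in write_card hard-codes 4 and 12, which silently depends on `mp.mpd.abtData` being 16 bytes (inferred from the removed 16-byte copy); deriving the pad length from the buffer keeps the two from drifting apart, e.g. `memset(mp.mpd.abtData + 4, 0, sizeof(mp.mpd.abtData) - 4);`. A short why-comment would also help the next reader, along the lines of `// only one 4-byte page is written; zero the rest of the payload so no adjacent dump bytes are sent to the tag`. The loop that bounds `page` is outside the hunk, so it is worth confirming that `uiBlock = page / 4` can never index past the last block of `mtDump.amb`, since the source of this copy is still addressed from that value. write_card's body starts and ends outside the hunk.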