diff --git a/tree/ntuple/inc/ROOT/RNTupleZip.hxx b/tree/ntuple/inc/ROOT/RNTupleZip.hxx
index 6a1cd72a3ff35..77bbd5f217e68 100644
--- a/tree/ntuple/inc/ROOT/RNTupleZip.hxx
+++ b/tree/ntuple/inc/ROOT/RNTupleZip.hxx
@@ -17,6 +17,8 @@
 #include <RZip.h>
 #include <TError.h>
 
+#include <ROOT/RError.hxx>
+
 #include <algorithm>
 #include <array>
 #include <cstring>
@@ -116,15 +118,17 @@ public:
          int szSource;
          int szTarget;
          int retval = R__unzip_header(&szSource, source, &szTarget);
-         R__ASSERT(retval == 0);
-         R__ASSERT(szSource > 0);
-         R__ASSERT(szTarget > szSource);
-         R__ASSERT(static_cast<unsigned int>(szSource) <= nbytes);
-         R__ASSERT(static_cast<unsigned int>(szTarget) <= dataLen);
+         if (R__unlikely(!((retval == 0) && (szSource > 0) && (szTarget > szSource) &&
+                           (static_cast<unsigned int>(szSource) <= nbytes) &&
+                           (static_cast<unsigned int>(szTarget) <= dataLen)))) {
+            throw ROOT::RException(R__FAIL("failed to unzip buffer header"));
+         }
 
          int unzipBytes = 0;
          R__unzip(&szSource, source, &szTarget, target, &unzipBytes);
-         R__ASSERT(unzipBytes == szTarget);
+         if (R__unlikely(unzipBytes != szTarget))
+            throw ROOT::RException(R__FAIL(std::string("unexpected length after unzipping the buffer (wanted: ") +
+                                           std::to_string(szTarget) + ", got: " + std::to_string(unzipBytes) + ")"));
 
          target += szTarget;
          source += szSource;
diff --git a/tree/ntuple/test/ntuple_zip.cxx b/tree/ntuple/test/ntuple_zip.cxx
index c5eefffd9e08c..d1a2da7e91ae8 100644
--- a/tree/ntuple/test/ntuple_zip.cxx
+++ b/tree/ntuple/test/ntuple_zip.cxx
@@ -56,3 +56,16 @@ TEST(RNTupleZip, LargeWithOutputBuffer)
    RNTupleDecompressor::Unzip(zipBuffer.get(), szZip, N, unzipBuffer.get());
    EXPECT_EQ(data, std::string_view(unzipBuffer.get(), N));
 }
+
+TEST(RNTupleZip, CorruptedInput)
+{
+   std::string data = "xxxxxxxxxxxxxxxxxxxxxxxx";
+   auto zipBuffer = MakeUninitArray<unsigned char>(data.length());
+   auto szZipped = RNTupleCompressor::Zip(data.data(), data.length(), 101, zipBuffer.get());
+   EXPECT_LT(szZipped, data.length());
+   auto unzipBuffer = MakeUninitArray<unsigned char>(data.length());
+   // corrupt the buffer header
+   memset(zipBuffer.get() + 1, 0xCD, 5);
+   EXPECT_THROW(RNTupleDecompressor::Unzip(zipBuffer.get(), szZipped, data.length(), unzipBuffer.get()),
+                ROOT::RException);
+}