diff --git a/sphaira/CMakeLists.txt b/sphaira/CMakeLists.txt
index 2f43ef2..553f2ff 100644
--- a/sphaira/CMakeLists.txt
+++ b/sphaira/CMakeLists.txt
@@ -1,6 +1,6 @@
 cmake_minimum_required(VERSION 3.13)
 
-set(sphaira_VERSION 0.10.2)
+set(sphaira_VERSION 0.10.3)
 
 project(sphaira
     VERSION ${sphaira_VERSION}
diff --git a/sphaira/source/nro.cpp b/sphaira/source/nro.cpp
index 1cd53f9..6833d1a 100644
--- a/sphaira/source/nro.cpp
+++ b/sphaira/source/nro.cpp
@@ -57,6 +57,7 @@ auto nro_parse_internal(fs::FsNative& fs, const fs::FsPath& path, NroEntry& entr
 
     // some .nro (vgedit) have bad nacp, fake the nacp
     if (asset.magic != NROASSETHEADER_MAGIC || asset.nacp.offset == 0 || asset.nacp.size != sizeof(entry.nacp)) {
+        std::memset(&asset, 0, sizeof(asset));
         std::memset(&entry.nacp, 0, sizeof(entry.nacp));
 
         // get the name without the .nro
@@ -157,6 +158,11 @@ auto nro_scan_internal(const fs::FsPath& path, std::vector<NroEntry>& nros, bool
 }
 
 auto nro_get_icon_internal(FsFile* f, u64 size, u64 offset) -> std::vector<u8> {
+    // protect again really messed up sizes.
+    if (size > 1024 * 1024) {
+        return {};
+    }
+
     std::vector<u8> icon;
     u64 bytes_read{};
     icon.resize(size);