diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 9f6ac13fbb3..d89fd437a2d 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -9236,7 +9236,7 @@ function dolIsAllowedForPreview($file)
 /**
- * Return mime type of a file
+ * Return MIME type of a file from its name with extension.
  *
  * @param string $file Filename we looking for MIME type
  * @param string $default Default mime type if extension not found in known list
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 24c41e5e927..dee62999cf4 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -229,6 +229,11 @@
 $original_file = str_replace('..\\', '/', $original_file);
 // Find the subdirectory name as the reference
 $refname = basename(dirname($original_file)."/");
+// Check that file is allowed for view with viewimage.php
+if (!dolIsAllowedForPreview($original_file)) {
+ accessforbidden('This file is not qualified for preview', 0, 0, 1);
+}
+
 // Security check
 if (empty($modulepart)) {
 accessforbidden('Bad value for parameter modulepart', 0, 0, 1);
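Review bot: The new guard in viewimage.php decides on `$original_file` by its name alone: `dolIsAllowedForPreview($file)` sits directly above the extension-based MIME-lookup docblock touched in the first hunk, so it presumably allow-lists on the file extension and never inspects content, meaning a file whose bytes do not match its extension still passes if the Content-Type is later derived from the same name. The comment should state that limit so nobody reads the check as a content validation: `// Check that file is allowed for view with viewimage.php (allow-list on the file extension only; content is not inspected)`. The check is also placed before `$modulepart` is validated, which is harmless but changes which error a request with both problems gets; moving it below the existing `empty($modulepart)` block would keep the current error ordering. The rest of the security checks in viewimage.php continue beyond the hunk.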