diff --git a/src/source-pcap-file-helper.c b/src/source-pcap-file-helper.c
index 8853080e91..936b65fb3d 100644
--- a/src/source-pcap-file-helper.c
+++ b/src/source-pcap-file-helper.c
@@ -77,7 +77,7 @@ void PcapFileCallbackLoop(char *user, struct pcap_pkthdr *h, u_char *pkt)
 PACKET_PROFILING_TMM_START(p, TMM_RECEIVEPCAPFILE);
 PKT_SET_SRC(p, PKT_SRC_WIRE);
- p->ts = SCTIME_FROM_TIMEVAL(&h->ts);
+ p->ts = SCTIME_FROM_TIMEVAL_UNTRUSTED(&h->ts);
 SCLogDebug("p->ts.tv_sec %" PRIuMAX "", (uintmax_t)SCTIME_SECS(p->ts));
 p->datalink = ptv->datalink;
 p->pcap_cnt = ++pcap_g.cnt;
diff --git a/src/util-time.h b/src/util-time.h
index 5be13ebdbc..9bbd8798dd 100644
--- a/src/util-time.h
+++ b/src/util-time.h
@@ -73,6 +73,13 @@ typedef struct {
 { \
 .secs = (tv)->tv_sec, .usecs = (tv)->tv_usec \
 }
+/** \brief variant to deal with potentially bad timestamps, like from pcap files */
+#define SCTIME_FROM_TIMEVAL_UNTRUSTED(tv) \
+ (SCTime_t) \
+ { \
+ .secs = ((tv)->tv_sec > 0) ? (tv)->tv_sec : 0, \
+ .usecs = ((tv)->tv_usec > 0) ? (tv)->tv_usec : 0 \
+ }
 #define SCTIME_FROM_TIMESPEC(ts) \
 (SCTime_t) \
 { \
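Review bot: At the assignment in PcapFileCallbackLoop (src/source-pcap-file-helper.c), a record whose header timestamp was negative is now silently given time 0, and nothing records that the capture file carried an invalid value. When triaging a malformed or deliberately crafted pcap that is useful evidence, so consider a debug message before the assignment, e.g. `if (h->ts.tv_sec < 0 || h->ts.tv_usec < 0) SCLogDebug("pcap record with negative timestamp, clamping to 0");`. A short comment on the assignment such as `/* timestamps come from the file and are not trusted */` would also explain why this call site uses the _UNTRUSTED variant. The function body starts and ends outside the hunk.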
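Review bot: SCTIME_FROM_TIMEVAL_UNTRUSTED (src/util-time.h) clamps only negative values, so a file-supplied tv_usec of 1000000 or more, or a tv_sec larger than the destination field can hold, still passes through unchanged. The layout of SCTime_t is outside this hunk, so whether oversized values are truncated on assignment needs confirming, but an upper bound is cheap to add, for example `.usecs = ((tv)->tv_usec > 0 && (tv)->tv_usec < 1000000) ? (tv)->tv_usec : 0`. The macro also expands `tv` up to four times, which is harmless for `&h->ts` but should be stated as a requirement that the argument has no side effects. The doc comment could spell out the actual contract: `/** \brief build an SCTime_t from a timeval read from untrusted input (e.g. a pcap file); negative fields are clamped to 0 */`.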