diff --git a/NEWS b/NEWS
index c58928054b8..a19a17af7fe 100644
--- a/NEWS
+++ b/NEWS
@@ -40,6 +40,9 @@ PHP                                                                        NEWS
   . Fixed bug GH-16336 (Attribute intern document mismanagement). (nielsdos)
   . Fixed bug GH-16338 (Null-dereference in ext/dom/node.c). (nielsdos)
   . Fixed bug GH-16473 (dom_import_simplexml stub is wrong). (nielsdos)
+  . Fixed bug GH-16533 (Segfault when adding attribute to parent that is not
+    an element). (nielsdos)
+  . Fixed bug GH-16535 (UAF when using document as a child). (nielsdos)
 
 - EXIF:
   . Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a
diff --git a/ext/dom/node.c b/ext/dom/node.c
index 1a433468ede..c0fd56a472a 100644
--- a/ext/dom/node.c
+++ b/ext/dom/node.c
@@ -864,6 +864,17 @@ static bool dom_node_check_legacy_insertion_validity(xmlNodePtr parentp, xmlNode
 		php_dom_throw_error(HIERARCHY_REQUEST_ERR, stricterror);
 		return false;
 	}
+	/* Attributes must be in elements. */
+	if (child->type == XML_ATTRIBUTE_NODE && parentp->type != XML_ELEMENT_NODE) {
+		php_dom_throw_error(HIERARCHY_REQUEST_ERR, stricterror);
+		return false;
+	}
+
+	/* Documents can never be a child. */
+	if (child->type == XML_DOCUMENT_NODE || child->type == XML_HTML_DOCUMENT_NODE) {
+		php_dom_throw_error(HIERARCHY_REQUEST_ERR, stricterror);
+		return false;
+	}
 
 	return true;
 }
diff --git a/ext/dom/tests/gh16533.phpt b/ext/dom/tests/gh16533.phpt
new file mode 100644
index 00000000000..dad40e88b4d
--- /dev/null
+++ b/ext/dom/tests/gh16533.phpt
@@ -0,0 +1,20 @@
+--TEST--
+GH-16533 (Segfault when adding attribute to parent that is not an element)
+--EXTENSIONS--
+dom
+--FILE--
+<?php
+
+$doc = new DOMDocument();
+try {
+    $doc->appendChild($doc->createAttribute('foo'));
+} catch (DOMException $e) {
+    echo $e->getMessage(), "\n";
+}
+
+echo $doc->saveXML();
+
+?>
+--EXPECT--
+Hierarchy Request Error
+<?xml version="1.0"?>
diff --git a/ext/dom/tests/gh16535.phpt b/ext/dom/tests/gh16535.phpt
new file mode 100644
index 00000000000..1c8d282303c
--- /dev/null
+++ b/ext/dom/tests/gh16535.phpt
@@ -0,0 +1,25 @@
+--TEST--
+GH-16535 (UAF when using document as a child)
+--EXTENSIONS--
+dom
+--FILE--
+<?php
+
+$v2 = new DOMDocument("t");
+
+$v2->loadHTML("t");
+$v4 = $v2->createElement('foo');
+try {
+    $v4->appendChild($v2);
+} catch (DOMException $e) {
+    echo $e->getMessage(), "\n";
+}
+$v2->loadHTML("oU");
+echo $v2->saveXML();
+
+?>
+--EXPECT--
+Hierarchy Request Error
+<?xml version="1.0" standalone="yes"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
+<html><body><p>oU</p></body></html>