diff --git a/lib/jws/verify.js b/lib/jws/verify.js
index 9e6fe7d..27f3561 100644
--- a/lib/jws/verify.js
+++ b/lib/jws/verify.js
@@ -87,12 +87,15 @@ var JWSVerifier = function(ks, globalOpts) {
       // combine fields and decode signature per signatory
       sigList = sigList.map(function(s) {
         var header = clone(s.header || {});
-        var protect = s.protected ?
-                      JSON.parse(base64url.decode(s.protected, "utf8")) :
-                      {};
+        try {
+          var protect = s.protected ?
+                        JSON.parse(base64url.decode(s.protected, "utf8")) :
+                        {};
+        } catch (error) {
+          return Promise.reject(new Error("Parsing error: " + error));
+        }
         header = merge(header, protect);
         var signature = base64url.decode(s.signature);
-
         // process allowed algorithims
         if (!algSpec.match(header.alg)) {
           return Promise.reject(new Error("Algorithm not allowed: " + header.alg));