diff --git a/core/src/main/java/org/keycloak/jose/jwk/JWKParser.java b/core/src/main/java/org/keycloak/jose/jwk/JWKParser.java
index 14d6ee9b1f..67bb3dc34a 100755
--- a/core/src/main/java/org/keycloak/jose/jwk/JWKParser.java
+++ b/core/src/main/java/org/keycloak/jose/jwk/JWKParser.java
@@ -79,9 +79,23 @@ public class JWKParser {
 }
 
 private PublicKey createECPublicKey() {
+ /* Check if jwk.getOtherClaims return an empty map */
+ if (jwk.getOtherClaims().size() == 0) {
+ throw new RuntimeException("JWK Otherclaims map is empty.");
+ }
+
+ /* Try retrieving the necessary fields */
 String crv = (String) jwk.getOtherClaims().get(ECPublicJWK.CRV);
- BigInteger x = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.X)));
- BigInteger y = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.Y)));
+ String xStr = (String) jwk.getOtherClaims().get(ECPublicJWK.X);
+ String yStr = (String) jwk.getOtherClaims().get(ECPublicJWK.Y);
+
+ /* Check if the retrieving of necessary fields success */
+ if (crv == null || xStr == null || yStr == null) {
+ throw new RuntimeException("Fail to retrieve ECPublicJWK.CRV, ECPublicJWK.X or ECPublicJWK.Y field.");
+ }
+
+ BigInteger x = new BigInteger(1, Base64Url.decode(xStr));
+ BigInteger y = new BigInteger(1, Base64Url.decode(yStr));
 
 String name;
 switch (crv) {
diff --git a/core/src/test/java/org/keycloak/jose/jwk/JWKTest.java b/core/src/test/java/org/keycloak/jose/jwk/JWKTest.java
index a25960d8ee..92ea511eaf 100644
--- a/core/src/test/java/org/keycloak/jose/jwk/JWKTest.java
+++ b/core/src/test/java/org/keycloak/jose/jwk/JWKTest.java
@@ -27,6 +27,7 @@ import org.keycloak.common.util.KeyUtils;
 import org.keycloak.common.util.PemUtils;
 import org.keycloak.crypto.JavaAlgorithm;
 import org.keycloak.crypto.KeyType;
+import org.keycloak.crypto.KeyUse;
 import org.keycloak.common.crypto.CryptoIntegration;
 import org.keycloak.rule.CryptoInitRule;
 import org.keycloak.util.JsonSerialization;
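Review bot: The empty-map guard at the top of createECPublicKey is redundant with the null check that follows it (an empty map already yields null for all three lookups), and neither guard covers the remaining ways a JWK obtained from a remote JWKS document can still fail unexpectedly: a non-string `crv`, `x` or `y` value hits the `(String)` casts with a ClassCastException, and a malformed `x`/`y` is left entirely to `Base64Url.decode`. Since this parser's input is typically external key material, I would replace the casts with a type check and give the failure a specific exception type, e.g. `Object xObj = jwk.getOtherClaims().get(ECPublicJWK.X);` followed by `if (!(xObj instanceof String)) throw new IllegalArgumentException("EC JWK x coordinate must be a base64url string");`, and the same for `crv` and `y`. The first comment also says "return" where it means "returns", and whether `getOtherClaims()` can itself be null is not visible from this hunk, so the `size() == 0` call may still be an NPE path. The rest of createECPublicKey, including the switch on crv, lies outside the hunk.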
@@ -47,6 +48,7 @@ import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 import static org.keycloak.common.util.CertificateUtils.generateV1SelfSignedCertificate;
 
 /**
@@ -207,6 +209,23 @@ public abstract class JWKTest {
 assertEquals("X.509", key.getFormat());
 }
 
+ @Test
+ public void emptyEcOverclaim() throws Exception {
+ JWKBuilder builder = JWKBuilder.create();
+ KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
+ KeyPair keyPair = generator.generateKeyPair();
+ JWK jwk = builder.ec(keyPair.getPublic(), KeyUse.ENC);
+ JWKParser parser = new JWKParser(jwk);
+
+ try {
+ parser.toPublicKey();
+ } catch (NullPointerException e) {
+ fail("NullPointerException is thrown: " + e.getMessage());
+ } catch (RuntimeException e) {
+ // Other runtime exception is expected.
+ }
+ }
+
 private byte[] sign(byte[] data, String javaAlgorithm, PrivateKey key) throws Exception {
 Signature signature = Signature.getInstance(javaAlgorithm);
 signature.initSign(key);
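Review bot: emptyEcOverclaim passes vacuously if `parser.toPublicKey()` returns normally, because nothing after the call asserts that the RuntimeException the comment says is expected was actually raised, so a regression that silently produced a key from incomplete claims would not be caught. Add `fail("Expected RuntimeException from toPublicKey()");` directly after `parser.toPublicKey();` inside the try, or assert on the returned key if success is the intended outcome. The method name reads as a typo of the `otherClaims` map it exercises; `emptyEcOtherClaims` would match the parser's terminology. The sign helper shown after the new test continues outside the hunk.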