diff --git a/SOURCES/exiv2-validation-of-size-and-offset-to-avoid-crash.patch b/SOURCES/exiv2-validation-of-size-and-offset-to-avoid-crash.patch
new file mode 100644
index 0000000..ec9e1cf
--- /dev/null
+++ b/SOURCES/exiv2-validation-of-size-and-offset-to-avoid-crash.patch
@@ -0,0 +1,14 @@
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index 29311fd..c0d9553 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -268,6 +268,9 @@ namespace Exiv2 {
+ #ifdef EXIV2_DEBUG_MESSAGES
+ std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
+ #endif
++ if (this->offset() + this->size() > size)
++ throw Error(kerOffsetOutOfRange);
++
+ readDirectory(pData + offset(), this->size(), byteOrder);
+ #ifdef EXIV2_DEBUG_MESSAGES
+ std::cout << "<---- 0x" << std::hex << tag() << "\n";
diff --git a/SPECS/exiv2.spec b/SPECS/exiv2.spec
index 1c40614..06a2d5f 100644
--- a/SPECS/exiv2.spec
+++ b/SPECS/exiv2.spec
@@ -2,7 +2,7 @@ Summary: Exif and Iptc metadata manipulation library
 Name: exiv2
 Version: 0.27.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 URL: http://www.exiv2.org/
@@ -20,6 +20,8 @@ Patch68: 0068-xmpsdk-Build-with-DBanAllEntityUsage-1.patch
 Patch69: 0069-xmpsdk-Fix-compile-warnings-in-ExpatAdapter.cpp.patch
 Patch79: 0079-Fixes-in-.pc-file-for-being-compatible-with-more-dis.patch
+Patch100: exiv2-validation-of-size-and-offset-to-avoid-crash.patch
+
 %if 0%{?rhel} == 7
 BuildRequires: llvm-toolset-7-cmake
 %else
@@ -131,6 +133,10 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
 %changelog
+* Tue Feb 18 2020 Jan Grulich - 0.27.0-3
+- Validate relationship of the total size to the offset to avoid crash
+ Resolves: bz#1775695
+
 * Mon Feb 04 2019 Jan Grulich - 0.27.0-2
 - Minor improvements
 Resolves: bz#1652637
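Review bot: The guard added in the embedded src/crwimage_int.cpp patch, `if (this->offset() + this->size() > size)`, adds the two values before comparing. If offset() and size() return fixed-width unsigned integers (their types are not visible in this hunk), a large offset taken from the image file could wrap the sum and pass the check, so `pData + offset()` handed to readDirectory would still point outside the buffer. A subtraction form cannot wrap: `if (this->size() > size || this->offset() > size - this->size()) throw Error(kerOffsetOutOfRange);`. The enclosing function starts and ends outside the hunk, so whether an earlier check already bounds offset() cannot be confirmed from this patch.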