diff --git a/SOURCES/CVE-2020-12268.patch b/SOURCES/CVE-2020-12268.patch
new file mode 100644
index 0000000..cd7c58a
--- /dev/null
+++ b/SOURCES/CVE-2020-12268.patch
@@ -0,0 +1,48 @@
+From df29c989c7578476921d4f5ec277ee3cc9e87350 Mon Sep 17 00:00:00 2001
+From: Robin Watts <Robin.Watts@artifex.com>
+Date: Mon, 27 Jan 2020 10:12:24 -0800
+Subject: [PATCH] Fix OSS-Fuzz issue 20332: buffer overflow in
+ jbig2_image_compose.
+
+With extreme values of x/y/w/h we can get overflow. Test for this
+and exit safely.
+
+Thanks for OSS-Fuzz for reporting.
+---
+ jbig2_image.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/jbig2_image.c b/jbig2_image.c
+index 23e12ae..74050b9 100644
+--- a/jbig2_image.c
++++ b/jbig2_image.c
+@@ -30,6 +30,10 @@
+ #include "jbig2_priv.h"
+ #include "jbig2_image.h"
+ 
++#if !defined (UINT32_MAX)
++#define UINT32_MAX  0xffffffffu
++#endif
++
+ /* allocate a Jbig2Image structure and its associated bitmap */
+ Jbig2Image *
+ jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height)
+@@ -229,6 +233,15 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
+     uint8_t *d, *dd;
+     uint8_t mask, rightmask;
+ 
++    if ((UINT32_MAX - src->width  < (x > 0 ? x : -x)) ||
++        (UINT32_MAX - src->height < (y > 0 ? y : -y)))
++    {
++#ifdef JBIG2_DEBUG
++        jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "overflow in compose_image");
++#endif
++        return 0;
++    }
++
+     if (op != JBIG2_COMPOSE_OR) {
+         /* hand off the the general routine */
+         return jbig2_image_compose_unopt(ctx, dst, src, x, y, op);
+-- 
+2.26.2
+
diff --git a/SPECS/jbig2dec.spec b/SPECS/jbig2dec.spec
index d8ede1e..3d7fdea 100644
--- a/SPECS/jbig2dec.spec
+++ b/SPECS/jbig2dec.spec
@@ -1,6 +1,6 @@
 Name:           jbig2dec
 Version:        0.14
-Release:        2%{?dist}
+Release:        4%{?dist}
 Summary:        A decoder implementation of the JBIG2 image compression format 
 
 Group:          System Environment/Libraries
@@ -8,6 +8,9 @@ License:        GPLv2
 URL:            http://jbig2dec.sourceforge.net/
 Source0:        https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/%{name}-%{version}.tar.gz
 BuildRequires:  libtool
+Requires:       %{name}-libs = %{version}-%{release}
+
+Patch0:         CVE-2020-12268.patch
 
 %description
 jbig2dec is a decoder implementation of the JBIG2 image compression format.
@@ -47,6 +50,7 @@ which requires the jbig2dec library.
 
 %prep
 %setup -q
+%patch0 -p1
 
 
 %build
@@ -83,6 +87,14 @@ rm -f %{buildroot}%{_libdir}/*.la
 
 
 %changelog
+* Sun Jun 28 2020 Nikola Forró <nforro@redhat.com> - 0.14-4
+- Add explicit package version requirement on jbig2dec-libs to jbig2dec
+  related: #1851057
+
+* Fri Jun 26 2020 Nikola Forró <nforro@redhat.com> - 0.14-3
+- Fix CVE-2020-12268
+  resolves: #1851057
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.14-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild