diff --git a/SOURCES/libarchive-3.3.2-CVE-2019-18408.patch b/SOURCES/libarchive-3.3.2-CVE-2019-18408.patch
new file mode 100644
index 0000000..1811e77
--- /dev/null
+++ b/SOURCES/libarchive-3.3.2-CVE-2019-18408.patch
@@ -0,0 +1,31 @@
+From 1abcbf1af5209631ccf4fca4ddcab3c863294c85 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Patrik=20Novotn=C3=BD?= <panovotn@redhat.com>
+Date: Wed, 15 Jan 2020 16:10:04 +0100
+Subject: [PATCH] RAR reader: fix use after free
+
+If read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed
+to continue with next archive headers. We need to set rar->start_new_table
+after the ppmd7_context got freed, otherwise it won't be allocated again.
+---
+ libarchive/archive_read_support_format_rar.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index cbb14c32..9c26ef97 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -1037,8 +1037,10 @@ archive_read_format_rar_read_data(struct archive_read *a, const void **buff,
+   case COMPRESS_METHOD_GOOD:
+   case COMPRESS_METHOD_BEST:
+     ret = read_data_compressed(a, buff, size, offset);
+-    if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN)
++    if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) {
+       __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context, &g_szalloc);
++      rar->start_new_table = 1;
++    }
+     break;
+ 
+   default:
+-- 
+2.24.1
+
diff --git a/SPECS/libarchive.spec b/SPECS/libarchive.spec
index 977d6e2..82b00da 100644
--- a/SPECS/libarchive.spec
+++ b/SPECS/libarchive.spec
@@ -2,7 +2,7 @@
 
 Name:           libarchive
 Version:        3.3.2
-Release:        7%{?dist}
+Release:        8%{?dist}
 Summary:        A library for handling streaming archive formats
 
 License:        BSD
@@ -16,6 +16,7 @@ Patch3:        libarchive-3.3.2-CVE-2018-1000878.patch
 Patch4:        libarchive-3.3.2-CVE-2018-1000877.patch
 Patch5:        fix-use-after-free-in-delayed-newc.patch
 Patch6:        fix-few-obvious-resource-leaks-covscan.patch
+Patch7:        libarchive-3.3.2-CVE-2019-18408.patch
 
 BuildRequires:  gcc
 BuildRequires:  bison
@@ -219,6 +220,9 @@ run_testsuite
 
 
 %changelog
+* Wed Jan 15 2020 Patrik Novotný <panovotn@redhat.com> - 3.3.2-8
+- Fix CVE-2019-18408: RAR use-after-free
+
 * Mon May 27 2019 Ondrej Dubaj <odubaj@redhat.com> - 3.3.2-7
 - fix use-after-free in delayed newc link processing (#1602575)
 - fix a few obvious resource leaks and strcpy() misuses (#1602575)