diff --git a/SOURCES/libarchive-3.2.1-CVE-2019-18408.patch b/SOURCES/libarchive-3.2.1-CVE-2019-18408.patch
new file mode 100644
index 0000000..7ec3494
--- /dev/null
+++ b/SOURCES/libarchive-3.2.1-CVE-2019-18408.patch
@@ -0,0 +1,31 @@
+From 738a3c456b52704ce2c45e10c7290db0d6fe3141 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Patrik=20Novotn=C3=BD?= <panovotn@redhat.com>
+Date: Wed, 15 Jan 2020 16:29:27 +0100
+Subject: [PATCH] RAR reader: fix use after free
+
+If read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed
+to continue with next archive headers. We need to set rar->start_new_table
+after the ppmd7_context got freed, otherwise it won't be allocated again.
+---
+ libarchive/archive_read_support_format_rar.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index c95c78c..7765f27 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -966,8 +966,10 @@ archive_read_format_rar_read_data(struct archive_read *a, const void **buff,
+   case COMPRESS_METHOD_GOOD:
+   case COMPRESS_METHOD_BEST:
+     ret = read_data_compressed(a, buff, size, offset);
+-    if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN)
++    if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) {
+       __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context, &g_szalloc);
++      rar->start_new_table = 1;
++    }
+     break; 
+ 
+   default:
+-- 
+2.24.1
+
diff --git a/SPECS/libarchive.spec b/SPECS/libarchive.spec
index 608e3c3..b7d1876 100644
--- a/SPECS/libarchive.spec
+++ b/SPECS/libarchive.spec
@@ -1,6 +1,6 @@
 Name:           libarchive
 Version:        3.1.2
-Release:        12%{?dist}
+Release:        14%{?dist}
 Summary:        A library for handling streaming archive formats
 
 Group:          System Environment/Libraries
@@ -59,6 +59,7 @@ Patch26: libarchive-3.1.2-CVE-2019-1000019.patch
 Patch27: libarchive-3.1.2-CVE-2019-1000020.patch
 Patch28: libarchive-3.3.2-CVE-2018-1000878.patch
 Patch29: libarchive-3.3.2-CVE-2018-1000877.patch
+Patch30: libarchive-3.2.1-CVE-2019-18408.patch
 
 %description
 Libarchive is a programming library that can create and read several different
@@ -132,6 +133,7 @@ libarchive packages.
 %patch27 -p1 -b .CVE-2019-1000020
 %patch28 -p1 -b .CVE-2019-1000878
 %patch29 -p1 -b .CVE-2019-1000877
+%patch30 -p1 -b .CVE-2019-18408
 
 
 %build
@@ -225,6 +227,12 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Fri Jan 17 2020 Patrik Novotný <panovotn@redhat.com> - 3.1.2-14
+- Fix patch application error
+
+* Wed Jan 15 2020 Patrik Novotný <panovotn@redhat.com> - 3.1.2-13
+- Fix CVE-2019-18408: RAR use-after-free
+
 * Tue Apr 30 2019 Ondrej Dubaj <odubaj@redhat.com> - 3.1.2-12
 - fixed use after free in RAR decoder (#1700749)
 - fixed double free in RAR decoder (#1700748)