diff --git a/SOURCES/CVE-2020-5313.patch b/SOURCES/CVE-2020-5313.patch
new file mode 100644
index 0000000..3f3ddd9
--- /dev/null
+++ b/SOURCES/CVE-2020-5313.patch
@@ -0,0 +1,38 @@
+From 2e2244d195c4fe8b2550afa1add46c0ad2402830 Mon Sep 17 00:00:00 2001
+From: Lumir Balhar <lbalhar@redhat.com>
+Date: Wed, 4 Mar 2020 08:55:10 +0100
+Subject: [PATCH] CVE-2020-5313
+
+---
+ python-imaging-Pillow-d1c6db8/libImaging/FliDecode.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/python-imaging-Pillow-d1c6db8/libImaging/FliDecode.c b/python-imaging-Pillow-d1c6db8/libImaging/FliDecode.c
+index 940171f..5004d39 100644
+--- a/python-imaging-Pillow-d1c6db8/libImaging/FliDecode.c
++++ b/python-imaging-Pillow-d1c6db8/libImaging/FliDecode.c
+@@ -40,8 +40,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ 	return 0;
+ 
+     /* We don't decode anything unless we have a full chunk in the
+-       input buffer (on the other hand, the Python part of the driver
+-       makes sure this is always the case) */
++       input buffer */
+ 
+     ptr = buf;
+ 
+@@ -52,6 +51,11 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+     /* Make sure this is a frame chunk.  The Python driver takes
+        case of other chunk types. */
+ 
++    if (bytes < 8) {
++        state->errcode = IMAGING_CODEC_OVERRUN;
++        return -1;
++    }
++
+     if (I16(ptr+4) != 0xF1FA) {
+ 	state->errcode = IMAGING_CODEC_UNKNOWN;
+ 	return -1;
+-- 
+2.24.1
+
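Review bot: The added `if (bytes < 8)` guard in ImagingFliDecode bounds only the frame-header read at `I16(ptr+4)`, and the constant 8 is unexplained, since that read alone needs 6 bytes. A one-line comment above the check would record what the 8 covers, for example `/* frame header fields read below: size (4) + type (2) + chunk count (2) */`, with the layout confirmed against the header reads that follow. The function continues past this hunk, so it is not visible here whether the per-chunk reads further down are also checked against `bytes`; verify that against the 2.0.0 tree before treating the out-of-bounds read as closed for this backport. The reworded comment in the first inner hunk no longer relies on the Python driver to supply a full chunk, so also check that the code between the two hunks compares the frame size with `bytes`.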
diff --git a/SPECS/python-pillow.spec b/SPECS/python-pillow.spec
index 0e91629..c107b13 100644
--- a/SPECS/python-pillow.spec
+++ b/SPECS/python-pillow.spec
@@ -23,7 +23,7 @@
 
 Name:           python-pillow
 Version:        2.0.0
-Release:        20%{?snap}%{?dist}
+Release:        21%{?snap}%{?dist}
 Summary:        Python image processing library
 
 # License: see http://www.pythonware.com/products/pil/license.htm
@@ -49,6 +49,10 @@ Patch3:         python-pillow-2.0.0_memleaks.patch
 # https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc
 # https://github.com/python-pillow/Pillow/commit/b36c1bc943d554ba223086c7efb502d080f73905
 Patch4:         CVE-2020-5312_CVE-2019-16865.patch
+# CVE-2020-5313 out-of-bounds read in ImagingFliDecode when loading FLI images
+# Upstream fix: https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b?patch
+# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1789532
+Patch5:         CVE-2020-5313.patch
 
 BuildRequires:  python2-devel
 BuildRequires:  python-setuptools
@@ -217,6 +221,7 @@ PIL image wrapper for Qt.
 %patch2 -p1 -b .byte_array
 %patch3 -p1 -b .memleaks
 %patch4 -p2 -b .cves
+%patch5 -p2 -b .cve_2020_5313
 
 %if %{with_python3}
 # Create Python 3 source tree
@@ -374,6 +379,10 @@ popd
 %endif
 
 %changelog
+* Wed Mar 04 2020 Lumír Balhar <lbalhar@redhat.com> - 2.0.0-21gitd1c6db8
+- Fix for CVE-2020-5313
+Resolves: rhbz#1789532
+
 * Wed Feb 12 2020 Lumír Balhar <lbalhar@redhat.com> - 2.0.0-20gitd1c6db8
 - Combined fixes for CVE-2020-5312 and CVE-2019-16865
 Resolves: rhbz#1789533