diff --git a/SOURCES/qt-fix-buffer-overflow-in-xbm-parser.patch b/SOURCES/qt-fix-buffer-overflow-in-xbm-parser.patch
new file mode 100644
index 0000000..253e470
--- /dev/null
+++ b/SOURCES/qt-fix-buffer-overflow-in-xbm-parser.patch
@@ -0,0 +1,15 @@
+diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp
+index 414e8233..2824480b 100644
+--- a/src/gui/image/qxbmhandler.cpp
++++ b/src/gui/image/qxbmhandler.cpp
+@@ -154,7 +154,9 @@ static bool read_xbm_body(QIODevice *device, int w, int h, QImage *outImage)
+     w = (w+7)/8;                                // byte width
+ 
+     while (y < h) {                                // for all encoded bytes...
+-        if (p) {                                // p = "0x.."
++        if (p && p < (buf + readBytes - 3)) {      // p = "0x.."
++            if (!isxdigit(p[2]) || !isxdigit(p[3]))
++                return false;
+             *b++ = hex2byte(p+2);
+             p += 2;
+             if (++x == w && ++y < h) {
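Review bot: The added `isxdigit(p[2])` and `isxdigit(p[3])` calls pass a byte taken straight from the image data, and if `buf` is a plain `char` array (its declaration is outside the hunk) any byte of 0x80 or above becomes a negative argument on signed-char platforms, which is undefined behaviour for the `<ctype.h>` functions. Cast at the call: `if (!isxdigit((unsigned char)p[2]) || !isxdigit((unsigned char)p[3]))`. The bound `p < (buf + readBytes - 3)` also forms a pointer before `buf` whenever `readBytes` is below 3; comparing lengths instead, e.g. `readBytes - (p - buf) > 3`, avoids that, though whether such a short read can reach this line is not visible here. read_xbm_body starts and ends outside the hunk.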
diff --git a/SPECS/qt.spec b/SPECS/qt.spec
index a2b08a0..1852e13 100644
--- a/SPECS/qt.spec
+++ b/SPECS/qt.spec
@@ -26,7 +26,7 @@ Summary: Qt toolkit
 Name:    qt
 Epoch:   1
 Version: 4.8.7
-Release: 8%{?dist}
+Release: 9%{?dist}
 
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
@@ -201,7 +201,6 @@ Patch114: qt-revert-QTBUG-15319-fix-shortcuts-with-secondary-Xkb.patch
 Patch115: qt-everywhere-opensource-src-4.8.5-do-not-close-apps-on-gnome-shutdown-dialog.patch
 
 
-
 ## upstream git
 
 # security patches
@@ -217,6 +216,8 @@ Patch203: qt-check-for-qimage-allocation-failure-in-qgifhandler.patch
 Patch204: qt-tga-handler-check-for-out-of-range-image-size.patch
 # Bug 1667862 - CVE-2018-19873 qt: qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file
 Patch205: qt-bmp-image-handler-check-for-out-of-range-image-size.patch
+# Bug 1870297 - CVE-2020-17507 qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp
+Patch206: qt-fix-buffer-overflow-in-xbm-parser.patch
 
 # desktop files
 Source20: assistant.desktop
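Review bot: The comment above `Patch206` quotes the bug title as a "buffer over-read", while the patch file name and the changelog entry call it a "buffer overflow"; the two classes differ in impact (out-of-bounds read versus memory write), so one term should be used throughout to keep triage unambiguous. The added patch file also begins directly at `diff --git` with no header, so nothing in the package records which upstream change it was taken from. A second comment line such as `# Upstream: <upstream commit URL>` would let a reviewer check the backport against its origin.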
@@ -630,6 +631,7 @@ rm -rf src/3rdparty/clucene
 %patch203 -p1 -b .check-for-qimage-allocation-failure-in-qgifhandler.patch
 %patch204 -p1 -b .tga-handler-check-for-out-of-range-image-size.patch
 %patch205 -p1 -b .bmp-image-handler-check-for-out-of-range-image-size.patch
+%patch206 -p1 -b .fix-buffer-overflow-in-xbm-parser
 
 %define platform linux-g++
 
@@ -1347,6 +1349,10 @@ fi
 
 
 %changelog
+* Thu Sep 24 2020 Jan Grulich <jgrulich@redhat.com> - 1:4.8.7-9
+- Fix buffer overflow in XBM parser
+  Resolves: bz#1870297
+
 * Fri Dec 06 2019 Jan Grulich <jgrulich@redhat.com> - 1:4.8.7-8
 - Fix QImage allocation failure in qgifhandler
   Resolves: bz#1667863