diff --git a/CVE-2019-13616.patch b/CVE-2019-13616.patch
new file mode 100644
index 0000000..3feeff0
--- /dev/null
+++ b/CVE-2019-13616.patch
@@ -0,0 +1,15 @@
+diff -r 9ccaa3a0dfb6 -r a59bfe382008 IMG_bmp.c
+--- a/IMG_bmp.c	Thu Jul 11 01:01:56 2019 +0300
++++ b/IMG_bmp.c	Tue Jul 30 21:29:15 2019 +0300
+@@ -272,6 +272,11 @@
+ 		biClrUsed	= SDL_ReadLE32(src);
+ 		biClrImportant	= SDL_ReadLE32(src);
+ 	}
++	if (biWidth <= 0 || biHeight == 0) {
++		IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++		was_error = SDL_TRUE;
++		goto done;
++	}
+ 	if (biHeight < 0) {
+ 		topDown = SDL_TRUE;
+ 		biHeight = -biHeight;
diff --git a/SDL_image.changes b/SDL_image.changes
index 25f9a8e..8ebf944 100644
--- a/SDL_image.changes
+++ b/SDL_image.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Aug 22 19:51:00 UTC 2019 - Michael Gorse <mgorse@suse.com>
+
+- Add CVE-2019-13616.patch: fix heap buffer overflow when reading 
+  a crafted bmp file (boo#1141844 CVE-2019-13616).
+
 -------------------------------------------------------------------
 Thu Jan  8 09:34:38 UTC 2015 - jengelh@inai.de
 
diff --git a/SDL_image.spec b/SDL_image.spec
index 37e389c..3de3329 100644
--- a/SDL_image.spec
+++ b/SDL_image.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package SDL_image
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -21,13 +21,14 @@ Name:           SDL_image
 Version:        1.2.12
 Release:        0
 Summary:        SDL image loading library
-License:        LGPL-2.1+
+License:        LGPL-2.1-or-later
 Group:          Development/Libraries/X11
 Url:            http://libsdl.org/projects/SDL_image/release-1.2.html
 
 # removed VisualC.zip, VisualCE.zip, Watcom-OS2.zip, Xcode.tar.gz, Xcode_iPhone.tar.gz from upstream tarball [bnc#508084]
 Source:         %name-%version-repack.tar.bz2
 Source3:        baselibs.conf
+Patch0:         CVE-2019-13616.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  libjpeg-devel
 BuildRequires:  libtiff-devel
@@ -66,6 +67,7 @@ TIFF and WEBP formats.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %configure --disable-png-shared --disable-jpg-shared --disable-tif-shared \