diff --git a/CVE-2019-13616.patch b/CVE-2019-13616.patch
new file mode 100644
index 0000000..eb11b02
--- /dev/null
+++ b/CVE-2019-13616.patch
@@ -0,0 +1,15 @@
+diff -r f1baffa48926 -r ba45f00879ba IMG_bmp.c
+--- a/IMG_bmp.c Tue Jul 30 10:16:02 2019 -0700
++++ b/IMG_bmp.c Tue Jul 30 11:00:12 2019 -0700
+@@ -351,6 +351,11 @@
+ SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
+ }
+ }
++ if (biWidth <= 0 || biHeight == 0) {
++ IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++ was_error = SDL_TRUE;
++ goto done;
++ }
+ if (biHeight < 0) {
+ topDown = SDL_TRUE;
+ biHeight = -biHeight;
diff --git a/SDL2_image.changes b/SDL2_image.changes
index 59996ea..d2eed4f 100644
--- a/SDL2_image.changes
+++ b/SDL2_image.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Aug 23 14:04:59 UTC 2019 - Michael Gorse
+
+- Add CVE-2019-13616.patch: fix heap buffer overflow when reading
+ a crafted bmp file (boo#1141844 CVE-2019-13616).
+
 -------------------------------------------------------------------
 Fri Aug 23 09:53:45 UTC 2019 - Jan Engelhardt
 
diff --git a/SDL2_image.spec b/SDL2_image.spec
index 73d70f2..4ec81cf 100644
--- a/SDL2_image.spec
+++ b/SDL2_image.spec
@@ -28,6 +28,7 @@ URL: https://libsdl.org/projects/SDL_image/
 #Hg-Clone: http://hg.libsdl.org/SDL_image/
 Source: https://libsdl.org/projects/SDL_image/release/%name-%version.tar.gz
 Source2: baselibs.conf
+Patch1: CVE-2019-13616.patch
 BuildRequires: dos2unix
 BuildRequires: libjpeg-devel
 BuildRequires: libtiff-devel
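Review bot: In CVE-2019-13616.patch, the new guard in IMG_bmp.c rejects `biWidth <= 0` and `biHeight == 0`, but the most negative height still reaches `biHeight = -biHeight;` two lines below it. If biHeight is a signed 32-bit value (its declaration is outside the hunk), that negation overflows and the height can remain negative, so this one value escapes the sanitising the check is meant to provide. Consider extending the condition to `if (biWidth <= 0 || biHeight == 0 || biHeight == SDL_MIN_SINT32) {`, preferably raised upstream so the package does not diverge. The enclosing function starts and ends outside the hunk, so how the dimensions are used afterwards cannot be checked from here.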
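Review bot: In SDL2_image.spec, `Patch1: CVE-2019-13616.patch` only declares the patch, and this is the only hunk touching the spec, so no apply step is added to %prep. If %prep uses plain `%setup` rather than `%autosetup -p1`, the CVE fix would ship in the source package without being applied to IMG_bmp.c. Please confirm that the %prep section (not visible here) picks it up, for example with `%patch1 -p1`. The patch uses `a/IMG_bmp.c` and `b/IMG_bmp.c` paths, so strip level 1 is required.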