diff --git a/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff b/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
new file mode 100644
index 0000000..a05811b
--- /dev/null
+++ b/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
@@ -0,0 +1,13 @@
+Index: cairo-1.15.4/src/cairo-ft-font.c
+===================================================================
+--- cairo-1.15.4.orig/src/cairo-ft-font.c
++++ cairo-1.15.4/src/cairo-ft-font.c
+@@ -1149,7 +1149,7 @@ _get_bitmap_surface (FT_Bitmap		     *bi
+     width = bitmap->width;
+     height = bitmap->rows;
+ 
+-    if (width == 0 || height == 0) {
++    if (width == 0 || height == 0 || bitmap->buffer == NULL) {
+ 	*surface = (cairo_image_surface_t *)
+ 	    cairo_image_surface_create_for_data (NULL, format, 0, 0, 0);
+ 	return (*surface)->base.status;
diff --git a/cairo.changes b/cairo.changes
index a935958..9f20f7f 100644
--- a/cairo.changes
+++ b/cairo.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jun  7 10:06:55 UTC 2017 - alarrosa@suse.com
+
+- Add cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff to
+  fix a segfault in get_bitmap_surface due to malformed font
+  (bsc#1036789, fdo#100763, CVE-2017-7475).
+
 -------------------------------------------------------------------
 Wed Mar  8 19:41:41 UTC 2017 - zaitor@opensuse.org
 
diff --git a/cairo.spec b/cairo.spec
index f226d74..dae4158 100644
--- a/cairo.spec
+++ b/cairo.spec
@@ -31,6 +31,8 @@ Source99:       baselibs.conf
 Patch0:         cairo-xlib-endianness.patch
 # PATCH-FIX-UPSTREAM cairo-pdf-fixes.patch fdo#99630 zaitor@opensuse.org -- Three minor pdf fixes from upstream git.
 Patch1:         cairo-pdf-fixes.patch
+# PATCH-FIX-UPSTREAM cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff alarrosa@suse.com -- Fix segfault in get_bitmap_surface
+Patch2:         cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
 BuildRequires:  gtk-doc
 BuildRequires:  pkg-config
 BuildRequires:  pkgconfig(fontconfig)
@@ -103,9 +105,9 @@ hardware acceleration when available.
 
 %package tools
 Summary:        Utilities for cairo, a Vector Graphics Library with Cross-Device Output Support
-# We need an explicit requires since nothing links to the cairo library
 License:        GPL-3.0+
 Group:          Development/Libraries/X11
+# We need an explicit requires since nothing links to the cairo library
 Requires:       libcairo2 = %{version}
 # Named changed during  development of 11.4
 Provides:       %{name}-utils = %{version}
@@ -138,6 +140,7 @@ cairo.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 %configure \