diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes
index d02cb27..66d568b 100644
--- a/ffmpeg-4.changes
+++ b/ffmpeg-4.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Oct 23 06:05:42 UTC 2018 - qzheng@suse.com
+
+- Add ffmpeg-CVE-2018-13305.patch to add a missing check for
+  negative values of mqaunt variable (CVE-2018-13305,
+  bsc#1100345).
+
 -------------------------------------------------------------------
 Thu Sep 13 23:17:35 UTC 2018 - 9+suse@cirno.systems
 
diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec
index 6312213..70fce95 100644
--- a/ffmpeg-4.spec
+++ b/ffmpeg-4.spec
@@ -120,6 +120,7 @@ Patch4:         ffmpeg-codec-choice.diff
 Patch5:         cve-2017-17555.diff
 Patch6:         0001-avformat-flvenc-Check-audio-packet-size.patch
 Patch7:         0001-avcodec-libaom-fix-setting-amount-of-threads.patch
+Patch8:         ffmpeg-CVE-2018-13305.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel
diff --git a/ffmpeg-CVE-2018-13305.patch b/ffmpeg-CVE-2018-13305.patch
new file mode 100644
index 0000000..9e47b0f
--- /dev/null
+++ b/ffmpeg-CVE-2018-13305.patch
@@ -0,0 +1,13 @@
+diff --git a/libavcodec/vc1_block.c b/libavcodec/vc1_block.c
+index b06ee9f..5b38183 100644
+--- a/libavcodec/vc1_block.c
++++ b/libavcodec/vc1_block.c
+@@ -188,7 +188,7 @@ static void vc1_put_signed_blocks_clamped(VC1Context *v)
+             mquant = v->altpq;                                 \
+         if ((edges&8) && s->mb_y == (s->mb_height - 1))        \
+             mquant = v->altpq;                                 \
+-        if (!mquant || mquant > 31) {                          \
++        if (!mquant || mquant > 31 || mquant < -31) {                          \
+             av_log(v->s.avctx, AV_LOG_ERROR,                   \
+                    "Overriding invalid mquant %d\n", mquant);  \
+             mquant = 1;                                        \