diff --git a/gimp-CVE-2026-2239.patch b/gimp-CVE-2026-2239.patch
new file mode 100644
index 0000000..7eb9051
--- /dev/null
+++ b/gimp-CVE-2026-2239.patch
@@ -0,0 +1,37 @@
+From 8cf2772f5631719ae0e4e701bd7ef793b1f59cfa Mon Sep 17 00:00:00 2001
+From: Jacob Boerema
+Date: Fri, 6 Feb 2026 15:56:07 -0500
+Subject: [PATCH] plug-ins: fix #15812 PSD loader: heap-buffer-overflow ...
+
+in fread_pascal_string
+
+In plug-ins/file-psd/psd-util.c, the function fread_pascal_string()
+allocates a buffer with g_malloc(len) and reads len bytes from the file
+into it. The buffer is not null-terminated, but is assumed to be in
+later code.
+This causes it to read past the end of its allocated region with a
+specially crafted PSD, causing a heap-buffer-overflow.
+
+Fix this by alloocating one more byte than its length and set that
+to '\0'.
+---
+ plug-ins/file-psd/psd-util.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/plug-ins/file-psd/psd-util.c b/plug-ins/file-psd/psd-util.c
+index e0cca2b4db..734155c57a 100644
+--- a/plug-ins/file-psd/psd-util.c
++++ b/plug-ins/file-psd/psd-util.c
+@@ -274,7 +274,8 @@ fread_pascal_string (gint32 *bytes_read,
+ return NULL;
+ }
+
+- str = g_malloc (len);
++ str = g_malloc (len + 1);
++ str[len] = '\0';
+ if (psd_read (input, str, len, error) < len)
+ {
+ psd_set_error (error);
+--
+2.53.0
+
diff --git a/gimp.changes b/gimp.changes
index 29a303e..7bb7b6f 100644
--- a/gimp.changes
+++ b/gimp.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Feb 11 15:32:17 UTC 2026 - Michael Gorse
+
+- Add gimp-CVE-2026-2239.patch: fix a heap buffer overflow in
+ psd-util.c (bsc#1257959 CVE-2026-2239 glgo#GNOME/gimp#15812).
+
 -------------------------------------------------------------------
 Sun Jan 25 03:00:53 UTC 2026 - Marcus Rueckert

diff --git a/gimp.spec b/gimp.spec
index a4c6290..cdb0dd4 100644
--- a/gimp.spec
+++ b/gimp.spec
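Review bot: In the embedded psd-util.c hunk, nothing at `str = g_malloc (len + 1);` records why the buffer is one byte larger than the `len` bytes that `psd_read` fills. A comment there, such as `/* +1 for the NUL terminator: later code treats str as a C string, the file supplies only len bytes */`, would keep a later cleanup from dropping the terminator and reintroducing the over-read. The declaration of `len` is outside the hunk; it is presumably the one-byte Pascal length prefix, in which case `len + 1` cannot wrap, but that is worth confirming because the value comes from the file. The body of fread_pascal_string starts and ends outside the hunk, so the consumers that rely on the terminator are not visible here.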
@@ -100,6 +100,8 @@ Source2: openSUSE.gpl
 Patch1: gimp-2.99.19-cm-system-monitor-profile-by-default.patch
 Patch2: gimp-2.99.19-external-help-browser.patch
 Patch3: gimp-2.99.19-no-phone-home-default.patch
+# PATCH-FIX-UPSTREAM gimp-2026-2239.patch bsc#1257959 mgorse@suse.com -- fix heap buffer overflow in psd-util.c.
+Patch4: gimp-CVE-2026-2239.patch
 %if %{with debug_in_build_gimp}
 BuildRequires: gdb
 %endif
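Review bot: The added PATCH-FIX-UPSTREAM comment names `gimp-2026-2239.patch`, but the `Patch4:` line below it and the file added by this commit are both `gimp-CVE-2026-2239.patch`. Anyone matching the tag line to a patch file, or searching the spec for the CVE identifier, would miss this entry, which matters for a security fix that will be audited later. The comment should read `# PATCH-FIX-UPSTREAM gimp-CVE-2026-2239.patch bsc#1257959 mgorse@suse.com -- fix heap buffer overflow in psd-util.c.`. How the patch is applied (for example `%autopatch` or an explicit `%patch` line) is outside this hunk, so it is worth confirming that Patch4 is actually picked up in `%prep`.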