diff --git a/htmldoc-CVE-2022-28085.patch b/htmldoc-CVE-2022-28085.patch
new file mode 100644
index 0000000..c10e4f2
--- /dev/null
+++ b/htmldoc-CVE-2022-28085.patch
@@ -0,0 +1,13 @@
+Index: htmldoc-1.9.15/htmldoc/ps-pdf.cxx
+===================================================================
+--- htmldoc-1.9.15.orig/htmldoc/ps-pdf.cxx
++++ htmldoc-1.9.15/htmldoc/ps-pdf.cxx
+@@ -3583,6 +3583,8 @@ pdf_write_names(FILE *out) /* I - Outpu
+ pdf_start_object(out);
+ float x, y;
+
++ check_pages(link->page);
++
+ x = 0.0f;
+ y = link->top + pages[link->page].bottom;
+ pspdf_transform_coords(pages + link->page, x, y);
diff --git a/htmldoc.changes b/htmldoc.changes
index e5f7a5f..389870b 100644
--- a/htmldoc.changes
+++ b/htmldoc.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Apr 29 06:02:30 UTC 2022 - pgajdos@suse.com
+
+- security update
+- added patches
+ fix CVE-2022-28085 [bsc#1198933], Heap buffer overflow in function pdf_write_names in ps-pdf.cxx
+ + htmldoc-CVE-2022-28085.patch
+
 -------------------------------------------------------------------
 Thu Feb 10 11:49:32 UTC 2022 - pgajdos@suse.com
diff --git a/htmldoc.spec b/htmldoc.spec
index df141de..a2e3d14 100644
--- a/htmldoc.spec
+++ b/htmldoc.spec
@@ -24,6 +24,8 @@ License: LGPL-2.1-or-later
 Group: Productivity/Publishing/HTML/Tools
 URL: https://michaelrsweet.github.io/htmldoc/index.html
 Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz
+# CVE-2022-28085 [bsc#1198933], Heap buffer overflow in function pdf_write_names in ps-pdf.cxx
+Patch0: htmldoc-CVE-2022-28085.patch
 BuildRequires: fltk-devel
 BuildRequires: gcc-c++
 BuildRequires: hicolor-icon-theme
@@ -40,7 +42,7 @@ HTMLDOC converts HTML source files into indexed HTML, PostScript, or
 Portable Document Format (PDF) files that can be viewed online or printed.
 %prep
-%autosetup
+%autosetup -p1
 %build
 %configure \
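Review bot: The new patch file begins directly at `Index:` with no provenance header, so nothing in it ties the added `check_pages(link->page);` to the upstream fix for CVE-2022-28085 or tells a maintainer when the patch can be dropped on a version bump; a header such as `# Upstream: <upstream-commit-url>` above `Index:` would close that gap. The call sits before the first `pages[link->page]` access shown, which is the right place for it, but `check_pages` is defined outside the hunk, so whether it also rejects a negative `link->page` (rather than only handling an index past the end of the array) cannot be confirmed from here and is worth checking against the helper. `pdf_write_names` starts and ends outside the inner hunk.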