diff --git a/htmldoc-CVE-2024-46478.patch b/htmldoc-CVE-2024-46478.patch
new file mode 100644
index 0000000..c248803
--- /dev/null
+++ b/htmldoc-CVE-2024-46478.patch
@@ -0,0 +1,27 @@
+Index: htmldoc-1.9.18/htmldoc/ps-pdf.cxx
+===================================================================
+--- htmldoc-1.9.18.orig/htmldoc/ps-pdf.cxx
++++ htmldoc-1.9.18/htmldoc/ps-pdf.cxx
+@@ -5702,10 +5702,13 @@ parse_pre(tree_t *t, /* I - Tree to par
+
+ case MARKUP_NONE :
+ for (lineptr = line, dataptr = start->data;
+- *dataptr != '\0' && lineptr < (line + sizeof(line) - 1);
++ *dataptr != '\0' && lineptr < (line + sizeof(line) - 9);
+ dataptr ++)
++ {
+ if (*dataptr == '\n')
++ {
+ break;
++ }
+ else if (*dataptr == '\t')
+ {
+ /* This code changed after 15 years to work around new compiler optimization bugs (Issue #349) */
+@@ -5720,6 +5723,7 @@ parse_pre(tree_t *t, /* I - Tree to par
+ *lineptr++ = *dataptr;
+ col ++;
+ }
++ }
+
+ *lineptr = '\0';
+
diff --git a/htmldoc.changes b/htmldoc.changes
index c972b0f..737b706 100644
--- a/htmldoc.changes
+++ b/htmldoc.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Nov 5 07:31:53 UTC 2024 - pgajdos@suse.com
+
+- security update
+- added patches
+ fix CVE-2024-46478 [bsc#1232380], buffer overflow when handling tabs through the parse_pre function (ps-pdf.cxx)
+ + htmldoc-CVE-2024-46478.patch
+
 -------------------------------------------------------------------
 Mon Sep 2 12:48:22 UTC 2024 - pgajdos@suse.com
 
diff --git a/htmldoc.spec b/htmldoc.spec
index c5f18e6..264d017 100644
--- a/htmldoc.spec
+++ b/htmldoc.spec
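Review bot: In htmldoc-CVE-2024-46478.patch the new loop bound `lineptr < (line + sizeof(line) - 9)` relies on an unexplained constant, and the whole fix rests on that number. The tab branch that performs the expansion sits between the two inner hunks and is not visible here, so the reserve presumably covers the widest tab expansion plus the terminating NUL. That should be stated next to the condition, for example `/* keep room for a full tab expansion plus the trailing NUL (CVE-2024-46478) */`, so a later change to the tab handling does not silently reopen the overflow. The patch header also carries only an `Index:` line; a reference to the upstream commit it was taken from would let the backport be compared against upstream.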
@@ -25,7 +25,9 @@ Group: Productivity/Publishing/HTML/Tools
 URL: https://michaelrsweet.github.io/htmldoc/index.html
 Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz
 # CVE-2024-45508 [bsc#1230022], HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
-Patch0: htmldoc-CVE-2024-45508.patch
+Patch0: htmldoc-CVE-2024-45508.patch
+# CVE-2024-46478 [bsc#1232380], buffer overflow when handling tabs through the parse_pre function (ps-pdf.cxx)
+Patch1: htmldoc-CVE-2024-46478.patch
 BuildRequires: cups-devel
 BuildRequires: fltk-devel
 BuildRequires: gcc-c++
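Review bot: The hunk declares `Patch1: htmldoc-CVE-2024-46478.patch`, but the `%prep` section that applies patches is outside this hunk, so it is not visible whether the new patch is actually applied. If `%prep` lists patches individually (as in `%patch0 -p1`) rather than using `%autosetup -p1`, a matching line for Patch1 is needed. Without it the package builds without the CVE-2024-46478 fix while the changelog reports it as fixed. The build log should show the patch being applied to htmldoc/ps-pdf.cxx.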