diff --git a/libcaca-variable-type.patch b/libcaca-variable-type.patch
new file mode 100644
index 0000000..909ddd0
--- /dev/null
+++ b/libcaca-variable-type.patch
@@ -0,0 +1,13 @@
+Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/common-image.h
+===================================================================
+--- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/src/common-image.h
++++ libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/common-image.h
+@@ -13,7 +13,7 @@
+ struct image
+ {
+     char *pixels;
+-    unsigned int w, h;
++    size_t w, h;
+     struct caca_dither *dither;
+     void *priv;
+ };
diff --git a/libcaca.changes b/libcaca.changes
index f5940e1..ae9830d 100644
--- a/libcaca.changes
+++ b/libcaca.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Jan 15 15:03:38 UTC 2019 - josef.moellers@suse.com
+
+- Fix the size of width and height to be of size_t rather than
+  unsigned int which may be too small on 64 bit architectures.
+  This fixes three CVS and associated bugs.
+  [CVE-2018-20545, bsc#1120584, CVE-2018-20548, bsc#1120589,
+   CVE-2018-20549, bsc#1120470, libcaca-variable-type.patch]
+
 -------------------------------------------------------------------
 Tue Jan 30 11:03:56 UTC 2018 - davejplater@gmail.com
 
diff --git a/libcaca.spec b/libcaca.spec
index 8233cd6..ea21485 100644
--- a/libcaca.spec
+++ b/libcaca.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libcaca
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,6 +35,7 @@ Patch5:         libcaca-ruby_vendor_install.patch
 Patch7:         libcaca-0.99.beta16-missing-GLU.patch
 Patch9:         caca-no-build-date.patch
 Patch10:        libcaca-ncurses6.patch
+Patch11:        libcaca-variable-type.patch
 BuildRequires:  doxygen
 BuildRequires:  fdupes
 BuildRequires:  freeglut-devel
@@ -136,6 +137,7 @@ drawing, triangle filling and sprite blitting.
 %patch9
 %patch1
 %patch10 -p1
+%patch11 -p1
 RUBY="ruby-`echo %{rb_ver} | sed 's|\.[^\.]*$||'`"
 find . -type f -exec sed -i "s|ruby-1.9|$RUBY|" \{\} \;
 pushd python