diff --git a/hunspell-CVE-2019-16707.patch b/hunspell-CVE-2019-16707.patch
new file mode 100644
index 0000000..ca89cf8
--- /dev/null
+++ b/hunspell-CVE-2019-16707.patch
@@ -0,0 +1,14 @@
+diff --git a/src/hunspell/suggestmgr.cxx b/src/hunspell/suggestmgr.cxx
+index dba084e9..c23f165a 100644
+--- a/src/hunspell/suggestmgr.cxx
++++ b/src/hunspell/suggestmgr.cxx
+@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring(
+ int l2 = su2.size();
+ // decapitalize dictionary word
+ if (complexprefixes) {
+- if (su1[l1 - 1] == su2[l2 - 1])
++ if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1])
+ return 1;
+ } else {
+ unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l;
+
diff --git a/hunspell.changes b/hunspell.changes
index 316f834..1b5fa84 100644
--- a/hunspell.changes
+++ b/hunspell.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Jun 9 07:19:19 UTC 2020 - pgajdos@suse.com
+
+- security update
+- added patches
+ fix CVE-2019-16707 [bsc#1151867], invalid read operation in SuggestMgr:leftcommonsubstring in suggestmgr.cxx
+ + hunspell-CVE-2019-16707.patch
+
 -------------------------------------------------------------------
 Thu Nov 15 13:59:30 UTC 2018 - Tomáš Chvátal
diff --git a/hunspell.spec b/hunspell.spec
index 6fa8aad..5ef7344 100644
--- a/hunspell.spec
+++ b/hunspell.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package hunspell
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
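Review bot: The new `l1 && l2 &&` guard in the embedded suggestmgr.cxx hunk of hunspell-CVE-2019-16707.patch protects only the `complexprefixes` branch, and the body of `SuggestMgr::leftcommonsubstring` continues outside the hunk. The `else` branch visible here checks `su2.empty()` before reading `su2[0]`, but the hunk does not show whether `su1` gets the same check before it is indexed, so that is worth confirming in the full source and with an empty-word input under AddressSanitizer. The patch file also carries no provenance header; a leading line such as `# Upstream: <upstream commit URL>` would let a later rebase verify that the backport still matches upstream.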
@@ -27,6 +27,8 @@ Group: Productivity/Office/Other
 URL: https://hunspell.github.io
 Source0: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1: baselibs.conf
+# CVE-2019-16707 [bsc#1151867], invalid read operation in SuggestMgr:leftcommonsubstring in suggestmgr.cxx
+Patch0: hunspell-CVE-2019-16707.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: bison
@@ -80,6 +82,7 @@ Includes and definitions for developing with hunspell.
 %prep
 %setup -q
+%patch0 -p1
 %build
 # latest released tarball does not contain generated configure
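Review bot: `%patch0 -p1` in the `%prep` hunk uses the numbered `%patchN` form, which newer rpm releases deprecate, so a rebuild on a later toolchain may warn or fail at the step that applies the CVE fix. I would write `%patch -P0 -p1`, or replace `%setup -q` with `%autosetup -p1` so every declared patch is applied without a per-patch line that can be forgotten. The comment added above `Patch0:` in the first hunk spells the function `SuggestMgr:leftcommonsubstring`; `SuggestMgr::leftcommonsubstring` matches the name in the patched source and is easier to grep for.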