diff --git a/0001-Fix-various-OOB-reads-and-writes-in-kimg_tga-and-kim.patch b/0001-Fix-various-OOB-reads-and-writes-in-kimg_tga-and-kim.patch
new file mode 100644
index 0000000..8330521
--- /dev/null
+++ b/0001-Fix-various-OOB-reads-and-writes-in-kimg_tga-and-kim.patch
@@ -0,0 +1,111 @@
+From 20b6fef093ab276a532d015a192e62d7219c939a Mon Sep 17 00:00:00 2001
+From: Fabian Vogt
+Date: Sun, 20 Jan 2019 12:51:02 +0100
+Subject: [PATCH] Fix various OOB reads and writes in kimg_tga and kimg_xcf
+
+Test Plan: No crash anymore.
+
+Reviewers: aacid
+
+Subscribers: kde-frameworks-devel
+
+Tags: #frameworks
+
+Differential Revision: https://phabricator.kde.org/D18574
+---
+ src/imageformats/tga.cpp | 27 +++++++++++++++++++++++----
+ src/imageformats/xcf.cpp | 3 ++-
+ 2 files changed, 25 insertions(+), 5 deletions(-)
+
+diff --git a/src/imageformats/tga.cpp b/src/imageformats/tga.cpp
+index 3a22b45..9217bed 100644
+--- a/src/imageformats/tga.cpp
++++ b/src/imageformats/tga.cpp
+@@ -189,7 +189,7 @@ static bool LoadTGA(QDataStream &s, const TgaHeader &tga, QImage &img)
+ }
+
+ uint pixel_size = (tga.pixel_size / 8);
+- uint size = tga.width * tga.height * pixel_size;
++ qint64 size = qint64(tga.width) * qint64(tga.height) * pixel_size;
+
+ if (size < 1) {
+ // qDebug() << "This TGA file is broken with size " << size;
+@@ -204,20 +204,34 @@ static bool LoadTGA(QDataStream &s, const TgaHeader &tga, QImage &img)
+ }
+
+ // Allocate image.
+- uchar *const image = new uchar[size];
++ uchar *const image = reinterpret_cast(malloc(size));
++ if (!image) {
++ return false;
++ }
++
++ bool valid = true;
+
+ if (info.rle) {
+ // Decode image.
+ char *dst = (char *)image;
+- int num = size;
++ qint64 num = size;
+
+ while (num > 0) {
++ if (s.atEnd()) {
++ valid = false;
++ break;
++ }
++
+ // Get packet header.
+ uchar c;
+ s >> c;
+
+ uint count = (c & 0x7f) + 1;
+ num -= count * pixel_size;
++ if (num < 0) {
++ valid = false;
++ break;
++ }
+
+ if (c & 0x80) {
+ // RLE pixels.
+@@ -240,6 +254,11 @@ static bool LoadTGA(QDataStream &s, const TgaHeader &tga, QImage &img)
+ s.readRawData((char *)image, size);
+ }
+
++ if (!valid) {
++ free(image);
++ return false;
++ }
++
+ // Convert image to internal format.
+ int y_start, y_step, y_end;
+ if (tga.flags & TGA_ORIGIN_UPPER) {
+@@ -294,7 +313,7 @@ static bool LoadTGA(QDataStream &s, const TgaHeader &tga, QImage &img)
+ }
+
+ // Free image.
+- delete [] image;
++ free(image);
+
+ return true;
+ }
+diff --git a/src/imageformats/xcf.cpp b/src/imageformats/xcf.cpp
+index 758b65e..824d67a 100644
+--- a/src/imageformats/xcf.cpp
++++ b/src/imageformats/xcf.cpp
+@@ -489,11 +489,12 @@ bool XCFImageFormat::loadProperty(QDataStream &xcf_io, PropType &type, QByteArra
+ quint32 ncolors;
+ xcf_io >> ncolors;
+
++ size = 3 * ncolors + 4;
++
+ if (size > 65535 || size < 4) {
+ return false;
+ }
+
+- size = 3 * ncolors + 4;
+ data = new char[size];
+
+ // since we already read "ncolors" from the stream, we put that data back
+--
+2.20.1
+
diff --git a/kimageformats.changes b/kimageformats.changes
index a87a3f2..a506e56 100644
--- a/kimageformats.changes
+++ b/kimageformats.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jan 28 13:30:26 UTC 2019 - Fabian Vogt
+
+- Add patch to fix buffer overflows (boo#1123281):
+ * 0001-Fix-various-OOB-reads-and-writes-in-kimg_tga-and-kim.patch
+
 -------------------------------------------------------------------
 Wed Jan 23 17:47:54 UTC 2019 - Fabian Vogt
diff --git a/kimageformats.spec b/kimageformats.spec
index ebeb83a..c4e41b6 100644
--- a/kimageformats.spec
+++ b/kimageformats.spec
@@ -30,6 +30,8 @@ Group: System/GUI/KDE
 URL: https://www.kde.org
 Source: http://download.kde.org/stable/frameworks/%{_tar_path}/%{name}-%{version}.tar.xz
 Source1: baselibs.conf
+# PATCH-FIX-UPSTREAM
+Patch001: 0001-Fix-various-OOB-reads-and-writes-in-kimg_tga-and-kim.patch
 BuildRequires: cmake >= 3.0
 BuildRequires: extra-cmake-modules >= %{_kf5_bugfix_version}
 BuildRequires: fdupes
@@ -62,7 +64,7 @@ it invokes ghostscript for conversion, it should only be used in trusted
 environments.
 %prep
-%setup -q
+%autosetup -p1
 %build
 %cmake_kf5 -d build
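Review bot: The non-RLE path still ignores the return value of `s.readRawData((char *)image, size)` (the context line just above the new `if (!valid)` block), so a truncated file leaves the tail of the malloc'd buffer uninitialized while `valid` stays true and the conversion below runs on it; `if (s.readRawData((char *)image, size) != size) { valid = false; }` would route that case through the new cleanup. Since `size` is now `qint64` but `readRawData` takes an `int` length, that call also narrows silently unless a cap on `size` exists between the two quoted tga hunks. In the xcf hunk, `size = 3 * ncolors + 4;` is evaluated in 32-bit unsigned arithmetic before the `size > 65535 || size < 4` check, so a sufficiently large `ncolors` wraps to a small `size` that passes the check; bounding `ncolors` directly, e.g. `if (ncolors > (65535 - 4) / 3) { return false; }` before the multiplication, avoids that, assuming the code after the hunk still iterates `ncolors` entries. Both LoadTGA and loadProperty continue outside the quoted hunks.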