diff --git a/0001-Improve-handling-of-malformed-numeric-values-in-svg-.patch b/0001-Improve-handling-of-malformed-numeric-values-in-svg-.patch new file mode 100644 index 0000000..840b3a5 --- /dev/null +++ b/0001-Improve-handling-of-malformed-numeric-values-in-svg-.patch @@ -0,0 +1,41 @@ +From aceea78cc05ac8ff947cee9de8149b48771781a8 Mon Sep 17 00:00:00 2001 +From: Eirik Aavitsland +Date: Tue, 1 Dec 2020 14:39:59 +0100 +Subject: [PATCH 1/4] Improve handling of malformed numeric values in svg files + +Catch cases where the input is not containable in a qreal, and avoid +passing on inf values. + +Change-Id: I1ab8932d94473916815385240c29e03afb0e0c9e +Reviewed-by: Robert Loehning +Reviewed-by: Allan Sandfeld Jensen +(cherry picked from commit 428d56da9d5ed9bda51f7cc3c144996fb3a6a285) +Reviewed-by: Qt Cherry-pick Bot +--- + src/svg/qsvghandler.cpp | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp +index c937254..b3d9aaf 100644 +--- a/src/svg/qsvghandler.cpp ++++ b/src/svg/qsvghandler.cpp +@@ -65,6 +65,7 @@ + #include "private/qmath_p.h" + + #include "float.h" ++#include + + QT_BEGIN_NAMESPACE + +@@ -672,6 +673,8 @@ static qreal toDouble(const QChar *&str) + val = -val; + } else { + val = QByteArray::fromRawData(temp, pos).toDouble(); ++ if (qFpClassify(val) != FP_NORMAL) ++ val = 0; + } + return val; + +-- +2.25.1 + diff --git a/0002-Clamp-parsed-doubles-to-float-representable-values.patch b/0002-Clamp-parsed-doubles-to-float-representable-values.patch new file mode 100644 index 0000000..3f02f64 --- /dev/null +++ b/0002-Clamp-parsed-doubles-to-float-representable-values.patch 
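Review bot: The new `qFpClassify(val) != FP_NORMAL` guard is applied only in the `else` branch that goes through `QByteArray::toDouble()`; the branch above it, whose result is negated at the `val = -val;` context line, returns its value unchecked, so if that path can overflow the fix is incomplete — toDouble's body starts before the hunk, so this cannot be settled here. The added `#include` line carries no header name as displayed on this page; if that is extraction loss, the line should name the header that declares `qFpClassify` and `FP_NORMAL`, since the `float.h` include just above it provides neither. Note that the check also zeroes subnormal results and that `toDouble()` called without its `bool *ok` argument already yields 0 for unparsable text, so a malformed value and a legitimate 0 become indistinguishable to callers; a one-line comment such as `// Non-finite, overflowing or subnormal values collapse to 0 rather than propagating` would record that this is intended.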
@@ -0,0 +1,48 @@ +From 95990cbeebc0ab9959e2a925a93ad4897416bbb7 Mon Sep 17 00:00:00 2001 +From: Allan Sandfeld Jensen +Date: Thu, 4 Mar 2021 14:28:48 +0100 +Subject: [PATCH 2/4] Clamp parsed doubles to float representable values +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Parts of our rendering assumes incoming doubles can still be sane +floats. + +Fixes: QTBUG-91507 +Change-Id: I7086a121e1b5ed47695a1251ea90e774dd8f148d +Reviewed-by: Robert Löhning +Reviewed-by: Allan Sandfeld Jensen +Reviewed-by: Mårten Nordheim +(cherry picked from commit bfd6ee0d8cf34b63d32adf10ed93daa0086b359f) +Reviewed-by: Qt Cherry-pick Bot +--- + src/svg/qsvghandler.cpp | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp +index b3d9aaf..9dac05c 100644 +--- a/src/svg/qsvghandler.cpp ++++ b/src/svg/qsvghandler.cpp +@@ -673,7 +673,8 @@ static qreal toDouble(const QChar *&str) + val = -val; + } else { + val = QByteArray::fromRawData(temp, pos).toDouble(); +- if (qFpClassify(val) != FP_NORMAL) ++ // Do not tolerate values too wild to be represented normally by floats ++ if (qFpClassify(float(val)) != FP_NORMAL) + val = 0; + } + return val; +@@ -3046,6 +3047,8 @@ static QSvgStyleProperty *createRadialGradientNode(QSvgNode *node, + ncy = toDouble(cy); + if (!r.isEmpty()) + nr = toDouble(r); ++ if (nr < 0.5) ++ nr = 0.5; + + qreal nfx = ncx; + if (!fx.isEmpty()) +-- +2.25.1 + diff --git a/0003-Avoid-buffer-overflow-in-isSupportedSvgFeature.patch b/0003-Avoid-buffer-overflow-in-isSupportedSvgFeature.patch new file mode 100644 index 0000000..f38f538 --- /dev/null +++ b/0003-Avoid-buffer-overflow-in-isSupportedSvgFeature.patch 
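Review bot: `float(val)` on a double whose magnitude exceeds `FLT_MAX` is undefined behaviour in C++ (out-of-range floating-point narrowing), so the classification at `if (qFpClassify(float(val)) != FP_NORMAL)` relies on the platform yielding an infinity rather than on the language, and UBSan's float-cast-overflow check will report it. Testing the range before narrowing avoids that: `if (!(qAbs(val) <= FLT_MAX) || qFpClassify(float(val)) != FP_NORMAL)` — the negated comparison also routes NaN to the zeroing branch, and `FLT_MAX` comes from the `float.h` include already present in the file. The `nr < 0.5` clamp in createRadialGradientNode turns negative and near-zero radii into 0.5 without saying why; a short comment above it, e.g. `// Rendering assumes a usable float radius; clamp instead of rejecting the element`, would preserve the intent, and createRadialGradientNode's body starts outside the hunk.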
@@ -0,0 +1,38 @@ +From 1c2072ad16e0097c15df701dc22f07bf481fc4ec Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Robert=20L=C3=B6hning?= +Date: Wed, 17 Feb 2021 19:20:42 +0100 +Subject: [PATCH 3/4] Avoid buffer overflow in isSupportedSvgFeature + +Fixes oss-fuzz issue 29873. + +Pick-to: 6.0 6.1 +Change-Id: I382683aa2d7d3cf2d05a0b8c41ebf21d032fbd7c +Reviewed-by: Eirik Aavitsland +(cherry picked from commit afde7ca3a40f524e40052df696f74190452b22cb) +--- + src/svg/qsvgstructure.cpp | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/svg/qsvgstructure.cpp b/src/svg/qsvgstructure.cpp +index b89608b..89c9e4e 100644 +--- a/src/svg/qsvgstructure.cpp ++++ b/src/svg/qsvgstructure.cpp +@@ -255,9 +255,13 @@ inline static bool isSupportedSvgFeature(const QString &str) + }; + + if (str.length() <= MAX_WORD_LENGTH && str.length() >= MIN_WORD_LENGTH) { ++ const char16_t unicode44 = str.at(44).unicode(); ++ const char16_t unicode45 = str.at(45).unicode(); ++ if (unicode44 >= sizeof(asso_values) || unicode45 >= sizeof(asso_values)) ++ return false; + const int key = str.length() +- + asso_values[str.at(45).unicode()] +- + asso_values[str.at(44).unicode()]; ++ + asso_values[unicode45] ++ + asso_values[unicode44]; + if (key <= MAX_HASH_VALUE && key >= 0) + return str == QLatin1String(wordlist[key]); + } +-- +2.25.1 + diff --git a/0004-Make-image-handler-accept-UTF-16-UTF-32-encoded-SVGs.patch b/0004-Make-image-handler-accept-UTF-16-UTF-32-encoded-SVGs.patch new file mode 100644 index 0000000..c21d9d2 --- /dev/null +++ b/0004-Make-image-handler-accept-UTF-16-UTF-32-encoded-SVGs.patch 
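Review bot: The new bounds test compares the code units against `sizeof(asso_values)`, which equals the element count only if `asso_values` is a byte array; its declaration closes at the `};` context line but its element type is outside the hunk, so if the table is ever widened (gperf can emit `unsigned short` tables) the check silently admits out-of-range indices again. Writing it as `if (unicode44 >= sizeof(asso_values) / sizeof(asso_values[0]) || unicode45 >= sizeof(asso_values) / sizeof(asso_values[0]))` removes that dependency. The `str.at(44)` and `str.at(45)` reads are still only safe if `MIN_WORD_LENGTH` is at least 46; its value is not visible here, so if it is a compile-time constant a `static_assert(MIN_WORD_LENGTH >= 46, "hash reads code units 44 and 45");` next to the lookup would pin the assumption. isSupportedSvgFeature's opening brace precedes the hunk.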
@@ -0,0 +1,201 @@ +From cfc616978b52a396b2ef6900546f7fc086d7cab3 Mon Sep 17 00:00:00 2001 +From: Eirik Aavitsland +Date: Thu, 8 Apr 2021 13:19:52 +0200 +Subject: [PATCH 4/4] Make image handler accept UTF-16/UTF-32 encoded SVGs + +The canRead() header checks assumed 8 bit encoding. + +Pick-to: 6.1 6.0 5.15 +Fixes: QTBUG-90744 +Change-Id: Ibe934fe9ed31b89ee0fbfc4562aa66ab1b359225 +Reviewed-by: Allan Sandfeld Jensen +(cherry picked from commit 45fb1f07eaa984af40fca9f12b8f3d27f7b0e9ac) +--- + .../imageformats/svg/qsvgiohandler.cpp | 37 +++++++++++------- + tests/auto/qsvgplugin/simple_Utf16BE.svg | Bin 0 -> 228 bytes + tests/auto/qsvgplugin/simple_Utf16LE.svg | Bin 0 -> 228 bytes + tests/auto/qsvgplugin/simple_Utf32BE.svg | Bin 0 -> 456 bytes + tests/auto/qsvgplugin/simple_Utf32LE.svg | Bin 0 -> 456 bytes + tests/auto/qsvgplugin/simple_Utf8.svg | 3 ++ + tests/auto/qsvgplugin/tst_qsvgplugin.cpp | 32 +++++++++++++++ + 7 files changed, 57 insertions(+), 15 deletions(-) + create mode 100644 tests/auto/qsvgplugin/simple_Utf16BE.svg + create mode 100644 tests/auto/qsvgplugin/simple_Utf16LE.svg + create mode 100644 tests/auto/qsvgplugin/simple_Utf32BE.svg + create mode 100644 tests/auto/qsvgplugin/simple_Utf32LE.svg + create mode 100644 tests/auto/qsvgplugin/simple_Utf8.svg + +diff --git a/src/plugins/imageformats/svg/qsvgiohandler.cpp b/src/plugins/imageformats/svg/qsvgiohandler.cpp +index bd39b2a..4136aaf 100644 +--- a/src/plugins/imageformats/svg/qsvgiohandler.cpp ++++ b/src/plugins/imageformats/svg/qsvgiohandler.cpp +@@ -118,6 +118,24 @@ QSvgIOHandler::~QSvgIOHandler() + delete d; + } + ++static bool isPossiblySvg(QIODevice *device, bool *isCompressed = nullptr) ++{ ++ constexpr int bufSize = 64; ++ char buf[bufSize]; ++ const qint64 readLen = device->peek(buf, bufSize); ++ if (readLen < 8) ++ return false; ++# ifndef QT_NO_COMPRESS ++ if (quint8(buf[0]) == 0x1f && quint8(buf[1]) == 0x8b) { ++ if (isCompressed) ++ *isCompressed = true; ++ return true; ++ } ++# endif ++ 
QTextStream str(QByteArray::fromRawData(buf, readLen)); ++ QByteArray ba = str.read(16).trimmed().toLatin1(); ++ return ba.startsWith("loaded && !d->readDone) + return true; // Will happen if we have been asked for the size + +- QByteArray buf = device()->peek(16); +-#ifndef QT_NO_COMPRESS +- if (buf.startsWith("\x1f\x8b")) { +- setFormat("svgz"); +- return true; +- } else +-#endif +- if (buf.contains("peek(16); +- return +-#ifndef QT_NO_COMPRESS +- buf.startsWith("\x1f\x8b") || +-#endif +- buf.contains("ZBuq%=W%m0F_LN&(W%dt +i+N`XO_n%MZY8v|_=r&6EzpW7h!FvAF8>RhG#ry&V93m0` + +literal 0 +HcmV?d00001 + +diff --git a/tests/auto/qsvgplugin/simple_Utf16LE.svg b/tests/auto/qsvgplugin/simple_Utf16LE.svg +new file mode 100644 +index 0000000000000000000000000000000000000000..cdbeda92a5145faf70fcc8dcdf034141a66f59cf +GIT binary patch +literal 228 +zcmY+8!3x4a3`F1AuUP86tCe14^=FD(h1JSdZ2ft4HWWby5+)?`@_7eFp7c1?6It%U +zz>NbHTWU7yj+rY-)6wQ<9@3pXUYbm`>Q4KEGI~uLT^9Kzzv9SBNsd4#MpjKCI`!F7 +h+lAHf`t#XbLu;Qz-6pC0w>Cl~S}%Wkql6!|Fux@+A`$=q + +literal 0 +HcmV?d00001 + +diff --git a/tests/auto/qsvgplugin/simple_Utf32BE.svg b/tests/auto/qsvgplugin/simple_Utf32BE.svg +new file mode 100644 +index 0000000000000000000000000000000000000000..0d5d02c1ba98a60908ca852692bf5f1124d4b64b +GIT binary patch +literal 456 +zcmaKnNeV(i3nXu|-y(68?xK41?!u-Dn_-;iG`C*lNpl{+zUr}+rXy{itj**^qtCjK?` +zt8ES~h>9K;pbvMMt5J^uzSW*u$K*|4)}Mds?#x;BIj@d@6?oTsl6@WW^k9$VJ7@Kl +LUi9$m^;`P@=Ncjs + +literal 0 +HcmV?d00001 + +diff --git a/tests/auto/qsvgplugin/simple_Utf32LE.svg b/tests/auto/qsvgplugin/simple_Utf32LE.svg +new file mode 100644 +index 0000000000000000000000000000000000000000..58a71596656a79d9540b6bbef92e6b40aec46871 +GIT binary patch +literal 456 +zcmaKnNeV(i3mv7e>&BVSN|k6ArKkd!5bxE%~i-CeC0`c@PtKnoq#oyXsJz{bTTE;$K_8 +z+8XFUspxSD`f!)I8ueJfx7t(dl)UZB`s+{KojI#M=habQ4c_&hWM7XwJ=i1p&RM;s +K7d`xX&Ds}BU?LI# + +literal 0 +HcmV?d00001 + +diff --git a/tests/auto/qsvgplugin/simple_Utf8.svg 
b/tests/auto/qsvgplugin/simple_Utf8.svg +new file mode 100644 +index 0000000..2052c48 +--- /dev/null ++++ b/tests/auto/qsvgplugin/simple_Utf8.svg +@@ -0,0 +1,3 @@ ++ ++ ++ +diff --git a/tests/auto/qsvgplugin/tst_qsvgplugin.cpp b/tests/auto/qsvgplugin/tst_qsvgplugin.cpp +index e1f84f3..73bbe8b 100644 +--- a/tests/auto/qsvgplugin/tst_qsvgplugin.cpp ++++ b/tests/auto/qsvgplugin/tst_qsvgplugin.cpp +@@ -61,6 +61,8 @@ private slots: + void checkSize_data(); + void checkSize(); + void checkImageInclude(); ++ void encodings_data(); ++ void encodings(); + }; + + +@@ -145,6 +147,36 @@ void tst_QSvgPlugin::checkImageInclude() + logMessages.clear(); + } + ++void tst_QSvgPlugin::encodings_data() ++{ ++ QTest::addColumn("filename"); ++ ++ QTest::newRow("utf-8") << QFINDTESTDATA("simple_Utf8.svg"); ++ QTest::newRow("utf-16LE") << QFINDTESTDATA("simple_Utf16LE.svg"); ++ QTest::newRow("utf-16BE") << QFINDTESTDATA("simple_Utf16BE.svg"); ++ QTest::newRow("utf-32LE") << QFINDTESTDATA("simple_Utf32LE.svg"); ++ QTest::newRow("utf-32BE") << QFINDTESTDATA("simple_Utf32BE.svg"); ++} ++ ++void tst_QSvgPlugin::encodings() ++{ ++ QFETCH(QString, filename); ++ ++ { ++ QFile file(filename); ++ file.open(QIODevice::ReadOnly); ++ QVERIFY(QSvgIOHandler::canRead(&file)); ++ } ++ ++ QFile file(filename); ++ file.open(QIODevice::ReadOnly); ++ QSvgIOHandler plugin; ++ plugin.setDevice(&file); ++ QVERIFY(plugin.canRead()); ++ QImage img; ++ QVERIFY(plugin.read(&img)); ++ QCOMPARE(img.size(), QSize(50, 50)); ++} + + QTEST_MAIN(tst_QSvgPlugin) + #include "tst_qsvgplugin.moc" +-- +2.25.1 + diff --git a/libqt5-qtsvg.changes b/libqt5-qtsvg.changes index 3905e97..bb53906 100644 --- a/libqt5-qtsvg.changes +++ b/libqt5-qtsvg.changes 
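Review bot: isPossiblySvg decodes the peeked bytes with a default-constructed `QTextStream`, so UTF-16/UTF-32 input is recognised only when Qt's BOM autodetection triggers; a UTF-16 or UTF-32 file without a BOM is decoded with the stream's default codec and, as far as can be told here, fails the `startsWith` test (the literals on that line are not legible on this page), so the commit's claim holds for BOM-prefixed files unless the fixtures named in the diffstat also cover the BOM-less case. A comment above the stream, `// Relies on QTextStream BOM detection for UTF-16/32; BOM-less multi-byte input is not recognised`, would make the limitation explicit. In tst_QSvgPlugin::encodings both `file.open(QIODevice::ReadOnly)` results are ignored; writing them as `QVERIFY(file.open(QIODevice::ReadOnly));` keeps a missing fixture from surfacing as a misleading canRead() failure. Also, `readLen` is a `qint64` passed to `QByteArray::fromRawData(const char *, int)`; it is bounded by `bufSize` so the narrowing is harmless, but an explicit `int(readLen)` would document that.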
@@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Fri Apr 16 09:37:36 UTC 2021 - Fabian Vogt + +- Add commits from kde's 5.15 branch: + * 0001-Improve-handling-of-malformed-numeric-values-in-svg-.patch + * 0002-Clamp-parsed-doubles-to-float-representable-values.patch + (bsc#1184783, QTBUG-91507, CVE-2021-3481) + * 0003-Avoid-buffer-overflow-in-isSupportedSvgFeature.patch + * 0004-Make-image-handler-accept-UTF-16-UTF-32-encoded-SVGs.patch + (QTBUG-90744) + ------------------------------------------------------------------- Fri Nov 20 12:09:39 UTC 2020 - Fabian Vogt diff --git a/libqt5-qtsvg.spec b/libqt5-qtsvg.spec index 44ccfb7..eb3b1fc 100644 --- a/libqt5-qtsvg.spec +++ b/libqt5-qtsvg.spec @@ -31,6 +31,11 @@ Group: Development/Libraries/X11 URL: https://www.qt.io Source: https://download.qt.io/official_releases/qt/5.15/%{real_version}/submodules/%{tar_version}.tar.xz Source1: baselibs.conf +# PATCH-FIX-UPSTREAM +Patch1: 0001-Improve-handling-of-malformed-numeric-values-in-svg-.patch +Patch2: 0002-Clamp-parsed-doubles-to-float-representable-values.patch +Patch3: 0003-Avoid-buffer-overflow-in-isSupportedSvgFeature.patch +Patch4: 0004-Make-image-handler-accept-UTF-16-UTF-32-encoded-SVGs.patch BuildRequires: libQt5Core-private-headers-devel >= %{version} BuildRequires: libQt5Gui-private-headers-devel >= %{version} BuildRequires: libQt5Widgets-private-headers-devel >= %{version} @@ -42,13 +47,15 @@ BuildRequires: perl BuildRequires: pkgconfig BuildRequires: xz BuildRequires: pkgconfig(zlib) +# Use git to apply the patches, Patch4 contains binary diffs +BuildRequires: git-core %description The Qt SVG module provides functionality for displaying SVG images as a widget, and to create SVG files using drawing commands. %prep -%autosetup -p1 -n %{tar_version} +%autosetup -p1 -S git -n %{tar_version} %package -n %{libname} Summary: Qt 5 SVG Library