diff --git a/CVE-2017-5896.patch b/CVE-2017-5896.patch
new file mode 100644
index 0000000..50227bc
--- /dev/null
+++ b/CVE-2017-5896.patch
@@ -0,0 +1,40 @@
+X-Git-Url: http://git.ghostscript.com/?p=mupdf.git;a=blobdiff_plain;f=source%2Ffitz%2Fpixmap.c;h=f1291dc29d49ead44c10785fd014a0d995e45a91;hp=a8317127da7af6d39eb86fe3ca02cb4106a9b262;hb=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27;hpb=90fa6203ad032fe161d85a3e580941ce3d1216f0
+
+diff --git a/source/fitz/pixmap.c b/source/fitz/pixmap.c
+index a831712..f1291dc 100644
+--- a/source/fitz/pixmap.c
++++ b/source/fitz/pixmap.c
+@@ -1104,6 +1104,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
+ 	"@STACK:r1,<9>,factor,n,fwd,back,back2,fwd2,divX,back4,fwd4,fwd3,divY,back5,divXY\n"
+ 	"ldr	r4, [r13,#4*22]		@ r4 = divXY			\n"
+ 	"ldr	r5, [r13,#4*11]		@ for (nn = n; nn > 0; n--) {	\n"
++	"ldr	r8, [r13,#4*17]		@ r8 = back4			\n"
+ 	"18:				@				\n"
+ 	"mov	r14,#0			@ r14= v = 0			\n"
+ 	"sub	r5, r5, r1, LSL #8	@ for (xx = x; xx > 0; x--) {	\n"
+@@ -1120,7 +1121,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
+ 	"mul	r14,r4, r14		@ r14= v *= divX		\n"
+ 	"mov	r14,r14,LSR #16		@ r14= v >>= 16			\n"
+ 	"strb	r14,[r9], #1		@ *d++ = r14			\n"
+-	"sub	r0, r0, r8		@ s -= back2			\n"
++	"sub	r0, r0, r8		@ s -= back4			\n"
+ 	"subs	r5, r5, #1		@ n--				\n"
+ 	"bgt	18b			@ }				\n"
+ 	"21:				@				\n"
+@@ -1249,6 +1250,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
+ 		x += f;
+ 		if (x > 0)
+ 		{
++			int back4 = x * n - 1;
+ 			div = x * y;
+ 			for (nn = n; nn > 0; nn--)
+ 			{
+@@ -1263,7 +1265,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
+ 					s -= back5;
+ 				}
+ 				*d++ = v / div;
+-				s -= back2;
++				s -= back4;
+ 			}
+ 		}
+ 	}
diff --git a/mupdf.changes b/mupdf.changes
index f13fa37..8a183d8 100644
--- a/mupdf.changes
+++ b/mupdf.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Feb 10 10:56:31 UTC 2017 - idonmez@suse.com
+
+- Add CVE-2017-5896.patch to fix a heap overflow
+  CVE-2017-5896 bsc#1023761 bsc#1024679
+
 -------------------------------------------------------------------
 Mon Feb  6 12:51:00 UTC 2017 - idonmez@suse.com
 
diff --git a/mupdf.spec b/mupdf.spec
index 999a669..2150d51 100644
--- a/mupdf.spec
+++ b/mupdf.spec
@@ -33,6 +33,7 @@ Patch3:         CVE-2016-10133.patch
 Patch4:         CVE-2016-10141.patch
 Patch5:         CVE-2017-5627.patch
 Patch6:         CVE-2017-5628.patch
+Patch7:         CVE-2017-5896.patch
 BuildRequires:  freetype-devel
 BuildRequires:  gcc-c++
 BuildRequires:  jbig2dec-devel
@@ -69,6 +70,7 @@ based on mupdf.
 %prep
 %setup -q -n %{name}-%{version}-source
 %patch1 -p1
+%patch7 -p1
 
 pushd ./thirdparty/mujs
 %patch2 -p1