diff --git a/icu.10318.CVE-2013-2924_changeset_34076.patch b/icu.10318.CVE-2013-2924_changeset_34076.patch
new file mode 100644
index 0000000..1d63ec8
--- /dev/null
+++ b/icu.10318.CVE-2013-2924_changeset_34076.patch
@@ -0,0 +1,43 @@
+diff -ru orig.icu/source/i18n/csrucode.cpp icu/source/i18n/csrucode.cpp
+--- orig.icu/source/i18n/csrucode.cpp 2012-04-05 22:45:54.000000000 +0200
++++ icu/source/i18n/csrucode.cpp 2013-10-09 18:56:06.521791271 +0200
+@@ -1,6 +1,6 @@
+ /*
+ **********************************************************************
+- * Copyright (C) 2005-2006, International Business Machines
++ * Copyright (C) 2005-2013, International Business Machines
+ * Corporation and others. All Rights Reserved.
+ **********************************************************************
+ */
+@@ -31,8 +31,9 @@
+ int32_t CharsetRecog_UTF_16_BE::match(InputText* textIn)
+ {
+ const uint8_t *input = textIn->fRawInput;
++ int32_t length = textIn->fRawLength;
+
+- if (input[0] == 0xFE && input[1] == 0xFF) {
++ if (length >=2 && input[0] == 0xFE && input[1] == 0xFF) {
+ return 100;
+ }
+
+@@ -53,8 +54,9 @@
+ int32_t CharsetRecog_UTF_16_LE::match(InputText* textIn)
+ {
+ const uint8_t *input = textIn->fRawInput;
++ int32_t length = textIn->fRawLength;
+
+- if (input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
++ if (length >= 4 && input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
+ return 100;
+ }
+
+@@ -76,7 +78,7 @@
+ bool hasBOM = FALSE;
+ int32_t confidence = 0;
+
+- if (getChar(input, 0) == 0x0000FEFFUL) {
++ if (limit > 0 && getChar(input, 0) == 0x0000FEFFUL) {
+ hasBOM = TRUE;
+ }
+
+Only in icu/source/i18n: csrucode.cpp.orig
diff --git a/icu.spec b/icu.spec
index e803e85..eb4f44e 100644
--- a/icu.spec
+++ b/icu.spec
@@ -1,6 +1,6 @@
 Name: icu
 Version: 49.1.1
-Release: 11%{?dist}
+Release: 12%{?dist}
 Summary: International Components for Unicode
 Group: Development/Tools
 License: MIT and UCD and Public Domain
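Review bot: The new guard in `CharsetRecog_UTF_16_LE::match` (`length >= 4 && input[0] == 0xFF && ...`) does stop the reads of `input[2]` and `input[3]` past a short buffer, but it also makes a 2- or 3-byte input that begins with the FF FE byte-order mark skip the BOM branch, although such an input cannot be the UTF-32LE mark that the `input[2]`/`input[3]` test is there to exclude. A form that keeps the bounds check without losing that match is `if (length >= 2 && input[0] == 0xFF && input[1] == 0xFE && (length < 4 || input[2] != 0x00 || input[3] != 0x00)) {`. In the UTF-32 hunk, `limit > 0` is sufficient only if `limit` is a byte count rounded down to a multiple of four and `getChar` reads four bytes; both are defined outside the hunk, so a comment such as `// limit is a multiple of 4 (confirm above), so limit > 0 covers the 4 bytes getChar reads` would make the invariant explicit. As a point of style, the BE check is written `length >=2` while the LE check is `length >= 4`. All three function bodies continue outside the hunks, so what a short input falls through to is not visible here.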
@@ -23,6 +23,7 @@ Patch7: icuinfo-man.patch
 Patch8: icu.9737.CVE-2013-0900_changesets_32865_32908.patch
 Patch9: CVE-2013-0900_umutex.patch
 Patch10: icu.10143.memory.leak.crash.patch
+Patch11: icu.10318.CVE-2013-2924_changeset_34076.patch
 %description
 Tools and utilities for developing with icu.
@@ -76,6 +77,7 @@ BuildArch: noarch
 %patch8 -p1 -b .icu9737.CVE-2013-0900_changesets_32865_32908.patch
 %patch9 -p1 -b .CVE-2013-0900_umutex.patch
 %patch10 -p1 -b .icu10143.memory.leak.crash.patch
+%patch11 -p1 -b .icu10318.CVE-2013-2924_changeset_34076.patch
 %build
 cd source
@@ -178,6 +180,9 @@ make %{?_smp_mflags} -C source check
 %doc source/__docs/%{name}/html/*
 %changelog
+* Wed Oct 09 2013 Eike Rathke - 49.1.1-12
+- Resolves: rhbz#1015594 CVE-2013-2924 use-after-free
+
 * Fri Oct 04 2013 Eike Rathke - 49.1.1-11
 - added %{?_isa} to Requires for multi-arch systems