diff --git a/0008-heap-buffer-overflow.patch b/0008-heap-buffer-overflow.patch
new file mode 100644
index 0000000..c72c395
--- /dev/null
+++ b/0008-heap-buffer-overflow.patch
@@ -0,0 +1,23 @@
+From: Ludovic Rousseau
+Date: Sat, 3 Feb 2018 10:23:09 +0100
+Subject: Fix heap buffer overflow
+
+Bug-Debian: http://bugs.debian.org/889272
+
+---
+ exif.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/exif.c b/exif.c
+index bcde6c8..1dee145 100644
+--- a/exif.c
++++ b/exif.c
+@@ -1020,7 +1020,7 @@ void process_EXIF (unsigned char * ExifSection, unsigned int length)
+ 
+ FirstOffset = Get32u(ExifSection+12);
+ if (FirstOffset < 8 || FirstOffset > 16){
+- if (FirstOffset < 16 || FirstOffset > length-16){
++ if (FirstOffset < 16 || length < 16 || FirstOffset > length-16){
+ ErrNonfatal("invalid offset for first Exif IFD value",0,0);
+ return;
+ }
diff --git a/jhead.spec b/jhead.spec
index 6f7fe17..3ede595 100644
--- a/jhead.spec
+++ b/jhead.spec
@@ -6,8 +6,8 @@ Group: Applications/Multimedia
 License: Public Domain
 URL: http://www.sentex.net/~mwandel/jhead/
 Source0: http://www.sentex.net/~mwandel/jhead/jhead-%{version}.tar.gz
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: libjpeg-turbo-utils
+Patch0: https://sources.debian.org/data/main/j/jhead/1:3.00-6/debian/patches/0008-heap-buffer-overflow.patch
 
 %description
 Jhead displays and manipulates the non-image portions of EXIF formatted
@@ -15,20 +15,17 @@ JPEG images, such as the images produced by most digital cameras.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS"
 
 %install
-rm -rf $RPM_BUILD_ROOT
 %{__mkdir_p} ${RPM_BUILD_ROOT}/%{_bindir}
 cp -p jhead ${RPM_BUILD_ROOT}/%{_bindir}
 %{__mkdir_p} ${RPM_BUILD_ROOT}/%{_mandir}/man1/
 cp -p jhead.1 ${RPM_BUILD_ROOT}/%{_mandir}/man1/
 
-%clean
-rm -rf $RPM_BUILD_ROOT
-
 %files
 %defattr(-,root,root,-)
 %doc readme.txt usage.html changes.txt
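Review bot: In the exif.c change carried by 0008-heap-buffer-overflow.patch, the new `length < 16` test only runs inside the `FirstOffset < 8 || FirstOffset > 16` branch, and it comes after `Get32u(ExifSection+12)` has already read bytes 12–15 of the section. process_EXIF starts and ends outside this hunk, so it cannot be confirmed here whether an earlier check rejects short sections; if none does, a section shorter than 16 bytes whose offset field reads as 8..16 is still accepted. Hoisting the guard above the read would cover every path and remove the unsigned wrap in `length-16` entirely, e.g. `if (length < 16){ ErrNonfatal("Exif section too short",0,0); return; }`. A truncated-EXIF sample run during the package build would keep this from regressing.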
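Review bot: The `Patch0:` line in the first jhead.spec hunk has no comment saying what the patch fixes, so the CVE is only discoverable from the changelog entry. A line above it such as `# CVE-2018-6612: heap buffer overflow in process_EXIF (Debian #889272, rhbz#1542049)` would let someone auditing the spec see why the patch is carried and when it can be dropped after an upstream release. The URL is pinned to Debian revision `1:3.00-6`, which is good; the copy committed in this repository is what the build actually applies, so the two should be compared once at review time.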
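Review bot: The second jhead.spec hunk mixes the security fix (`%patch0 -p1`) with unrelated packaging cleanup: the `rm -rf $RPM_BUILD_ROOT` in `%install` and the whole `%clean` section are dropped, and the first hunk drops `BuildRoot:`. Keeping the CVE fix in its own commit makes it easier to cherry-pick to older release branches, where that cleanup may not be wanted, and keeps the security change easy to audit. If the cleanup stays here, the changelog entry should mention it alongside the patch.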
@@ -36,6 +33,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man?/*
 
 %changelog
+* Mon Feb 05 2018 Adrian Reber - 3.00-7
+- Added Debian patch to fix CVE-2018-6612 (#1542049)
+
 * Wed Aug 02 2017 Fedora Release Engineering - 3.00-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild