diff --git a/libjpeg-turbo-CVE-2018-20330.patch b/libjpeg-turbo-CVE-2018-20330.patch
new file mode 100644
index 0000000..169d01a
--- /dev/null
+++ b/libjpeg-turbo-CVE-2018-20330.patch
@@ -0,0 +1,38 @@
+From 9c5f56c55a8610953854408b3aade01320064e07 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 1 Jan 2019 18:57:36 -0600
+Subject: [PATCH] tjLoadImage(): Fix int overflow/segfault w/big BMP
+
+Fixes #304
+---
+ turbojpeg.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/turbojpeg.c b/turbojpeg.c
+index 90a9ce6..3b5154f 100644
+--- a/turbojpeg.c
++++ b/turbojpeg.c
+@@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
+ int align, int *height, int *pixelFormat,
+ int flags)
+ {
+- int retval = 0, tempc, pitch;
++ int retval = 0, tempc;
++ size_t pitch;
+ tjhandle handle = NULL;
+ tjinstance *this;
+ j_compress_ptr cinfo = NULL;
+@@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
+ *pixelFormat = cs2pf[cinfo->in_color_space];
+
+ pitch = PAD((*width) * tjPixelSize[*pixelFormat], align);
+- if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
++ if ((unsigned long long)pitch * (unsigned long long)(*height) >
++ (unsigned long long)((size_t)-1) ||
++ (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
+ _throwg("tjLoadImage(): Memory allocation failure");
+
+ if (setjmp(this->jerr.setjmp_buffer)) {
+--
+2.17.2
+
diff --git a/libjpeg-turbo.spec b/libjpeg-turbo.spec
index 6a257af..3b1749c 100644
--- a/libjpeg-turbo.spec
+++ b/libjpeg-turbo.spec
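Review bot: The width multiply feeding `pitch` in the second turbojpeg.c hunk is left as it was: `(*width) * tjPixelSize[*pixelFormat]` appears to still be evaluated in int (neither PAD() nor tjPixelSize is declared in the hunk) before it is stored in the new `size_t pitch`, so an oversized width could overflow ahead of the added guard. The guard itself compares an unsigned long long product with `(size_t)-1`, which can only trip where size_t is narrower than unsigned long long; on LP64 builds it depends on both factors being int-sized. I would widen first, `pitch = PAD((size_t)(*width) * tjPixelSize[*pixelFormat], align);`, and use the division form, `if (pitch > (size_t)-1 / (size_t)(*height) || (dstBuf = ...) == NULL)`, provided the image reader rejects non-positive dimensions, which is not visible here. tjLoadImage() starts and ends outside both hunks, and since this is a packaged upstream patch the change would belong upstream rather than in the spec.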
@@ -1,12 +1,13 @@
 Name: libjpeg-turbo
 Version: 2.0.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files
 License: IJG
 URL: http://sourceforge.net/projects/libjpeg-turbo
 Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 Patch0: libjpeg-turbo-cmake.patch
+Patch1: libjpeg-turbo-CVE-2018-20330.patch
 BuildRequires: gcc
 BuildRequires: cmake
@@ -69,6 +70,7 @@ manipulate JPEG files using the TurboJPEG library.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 %build
 %{cmake} -DCMAKE_SKIP_RPATH:BOOL=YES \
@@ -168,6 +170,9 @@ LD_LIBRARY_PATH=%{buildroot}%{_libdir} make test %{?_smp_mflags}
 %{_libdir}/pkgconfig/libturbojpeg.pc
 %changelog
+* Fri Jan 11 2019 Nikola Forró - 2.0.0-2
+- Fix CVE-2018-20330 (#1665224)
+
 * Mon Jul 30 2018 Nikola Forró - 2.0.0-1
 - New upstream release 2.0.0 (#1609439)