diff --git a/mupdf-1.12-CVE-2018-6192.patch b/mupdf-1.12-CVE-2018-6192.patch
new file mode 100644
index 0000000..63b6869
--- /dev/null
+++ b/mupdf-1.12-CVE-2018-6192.patch
@@ -0,0 +1,43 @@
+From 5e411a99604ff6be5db9e273ee84737204113299 Mon Sep 17 00:00:00 2001
+Message-Id: <5e411a99604ff6be5db9e273ee84737204113299.1518615489.git.mjg@fedoraproject.org>
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Tue, 30 Jan 2018 02:05:57 +0100
+Subject: [PATCH] Bug 698916: Indirect object numbers must be in range.
+
+Signed-off-by: Michael J Gruber <mjg@fedoraproject.org>
+---
+ source/pdf/pdf-parse.c | 2 ++
+ source/pdf/pdf-xref.c  | 4 ++--
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/source/pdf/pdf-parse.c b/source/pdf/pdf-parse.c
+index 7904ebd7..b4783ae8 100644
+--- a/source/pdf/pdf-parse.c
++++ b/source/pdf/pdf-parse.c
+@@ -623,6 +623,8 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_document *doc,
+ 		fz_throw(ctx, FZ_ERROR_SYNTAX, "expected object number");
+ 	}
+ 	num = buf->i;
++	if (num < 0 || num > PDF_MAX_OBJECT_NUMBER)
++		fz_throw(ctx, FZ_ERROR_SYNTAX, "object number out of range");
+ 
+ 	tok = pdf_lex(ctx, file, buf);
+ 	if (tok != PDF_TOK_INT)
+diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
+index 4997ebe5..cfcd0a21 100644
+--- a/source/pdf/pdf-xref.c
++++ b/source/pdf/pdf-xref.c
+@@ -228,8 +228,8 @@ pdf_xref_entry *pdf_get_populating_xref_entry(fz_context *ctx, pdf_document *doc
+ 	}
+ 
+ 	/* Prevent accidental heap underflow */
+-	if (num < 0)
+-		fz_throw(ctx, FZ_ERROR_GENERIC, "object number must not be negative (%d)", num);
++	if (num < 0 || num > PDF_MAX_OBJECT_NUMBER)
++		fz_throw(ctx, FZ_ERROR_GENERIC, "object number out of range (%d)", num);
+ 
+ 	/* Return the pointer to the entry in the last section. */
+ 	xref = &doc->xref_sections[doc->num_xref_sections-1];
+-- 
+2.16.1.312.g365a692731
+
diff --git a/mupdf.spec b/mupdf.spec
index 76ed031..989b66a 100644
--- a/mupdf.spec
+++ b/mupdf.spec
@@ -1,6 +1,6 @@
 Name:           mupdf
 Version:        1.12.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        A lightweight PDF viewer and toolkit
 Group:          Applications/Publishing
 License:        GPLv3
@@ -16,6 +16,7 @@ Patch0:         %{name}-1.12-openjpeg.patch
 Patch1:         %{name}-1.12-CVE-2017-17858.patch
 Patch2:         %{name}-1.12-CVE-2018-5686.patch
 Patch3:         %{name}-1.12-CVE-2018-6187.patch
+Patch4:         %{name}-1.12-CVE-2018-6192.patch
 
 %description
 MuPDF is a lightweight PDF viewer and toolkit written in portable C.
@@ -49,6 +50,7 @@ rm -rf thirdparty
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %build
 export XCFLAGS="%{optflags} -fPIC -DJBIG_NO_MEMENTO -DTOFU -DTOFU_CJK"
@@ -86,6 +88,9 @@ update-desktop-database &> /dev/null || :
 %{_libdir}/lib%{name}*.a
 
 %changelog
+* Wed Feb 14 2018 Michael J Gruber <mjg@fedoraproject.org> - 1.12.0-5
+- CVE-2018-6192 (rh bz #1539845 #1539846) (gs bz #698916)
+
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.12.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild