diff --git a/0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0.patch b/0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0.patch
new file mode 100644
index 0000000..f96751e
--- /dev/null
+++ b/0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0.patch
@@ -0,0 +1,33 @@
+diff -rupN openjpeg-version.2.1/src/lib/openjp2/j2k.c openjpeg-version.2.1-new/src/lib/openjp2/j2k.c
+--- openjpeg-version.2.1/src/lib/openjp2/j2k.c 2015-10-01 18:38:24.990369074 +0200
++++ openjpeg-version.2.1-new/src/lib/openjp2/j2k.c 2015-10-01 18:38:36.166536063 +0200
+@@ -7156,6 +7156,12 @@ static OPJ_BOOL opj_j2k_copy_default_tcp
+ /* Initialize some values of the current tile coding parameters*/
+ l_tcp->ppt = 0;
+ l_tcp->ppt_data = 00;
++ /* Remove memory not owned by this tile in case of early error return. */
++ l_tcp->m_mct_decoding_matrix = 00;
++ l_tcp->m_nb_max_mct_records = 0;
++ l_tcp->m_mct_records = 00;
++ l_tcp->m_nb_max_mcc_records = 0;
++ l_tcp->m_mcc_records = 00;
+ /* Reconnect the tile-compo coding parameters pointer to the current tile coding parameters*/
+ l_tcp->tccps = l_current_tccp;
+
+@@ -7193,6 +7199,8 @@ static OPJ_BOOL opj_j2k_copy_default_tcp
+
+ ++l_src_mct_rec;
+ ++l_dest_mct_rec;
++ /* Update with each pass to free exactly what has been allocated on early return. */
++ l_tcp->m_nb_max_mct_records += 1;
+ }
+
+ /* Get the mcc_record of the dflt_tile_cp and copy them into the current tile cp*/
+@@ -7202,6 +7210,7 @@ static OPJ_BOOL opj_j2k_copy_default_tcp
+ return OPJ_FALSE;
+ }
+ memcpy(l_tcp->m_mcc_records,l_default_tcp->m_mcc_records,l_mcc_records_size);
++ l_tcp->m_nb_max_mcc_records = l_default_tcp->m_nb_max_mcc_records;
+
+ /* Copy the mcc record data from dflt_tile_cp to the current tile*/
+ l_src_mcc_rec = l_default_tcp->m_mcc_records;
diff --git a/openjpeg2.spec b/openjpeg2.spec
index cb9b320..ca24d5c 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
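Review bot: In the added 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0.patch, the second j2k.c hunk (`@@ -7193,6 +7199,8 @@`) rebuilds `m_nb_max_mct_records` one record per loop pass, which only prevents a double free if the tile cleanup code bounds its per-record free loop by that same field. The destination records were presumably copied wholesale from the default tile (as the mcc records are in the third hunk), so entries the loop has not yet reached would still hold the default tile's data pointers. If the cleanup instead iterates over a count inherited from the default parameters (the struct also has `m_nb_mct_records`), an early return would still free memory this tile does not own. The cleanup routine and the loop body lie outside the hunks, so this should be checked against the 2.1.0 sources, and a comment such as `/* cleanup must stop at m_nb_max_mct_records: later entries still alias the default tile's data */` next to the increment would record the assumption.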
@@ -10,7 +10,7 @@ Name: openjpeg2 Version: 2.1.0 -Release: 6%{?dist} +Release: 7%{?dist} Summary: C-Library for JPEG 2000 # windirent.h is MIT, the rest is BSD @@ -32,6 +32,8 @@ Patch0: openjpeg2_remove-thirdparty.patch Patch1: openjpeg2_bigendian.patch # Backport fix for use after free vulnerability (#1263359) Patch2: 940100c28ae28931722290794889cf84a92c5f6f.patch +# Backport fix for possible double-free (#1267983) +Patch3: 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0.patch BuildRequires: cmake BuildRequires: zlib-devel @@ -214,6 +216,7 @@ OpenJPEG2 JP3D module command line tools %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 # Remove all third party libraries just to be sure rm -rf thirdparty @@ -342,6 +345,9 @@ make test -C %{_target_platform} %changelog +* Thu Oct 01 2015 Sandro Mani - 2.1.0-7 +- Backport fix for possible double-free (#1267983) + * Tue Sep 15 2015 Sandro Mani - 2.1.0-6 - Backport fix for use after free vulnerability (#1263359)