diff --git a/pngcheck-2.4.0-overflow-bz1897485.patch b/pngcheck-2.4.0-overflow-bz1897485.patch
new file mode 100644
index 0000000..179a36f
--- /dev/null
+++ b/pngcheck-2.4.0-overflow-bz1897485.patch
@@ -0,0 +1,23 @@
+Fix buffer overflow reported in RHBZ #1897485.
+
+When char is signed, casting to a (signed) int directly could produce a
+negative offset into the ASCII lookup table; adding an intermediate cast to uch
+(a typedef for unsigned char) ensures a nonnegative offset no greater than 255,
+which always corresponds to a valid table index.
+
+diff -Naur pngcheck-2.4.0-original/pngcheck.c pngcheck-2.4.0/pngcheck.c
+--- pngcheck-2.4.0-original/pngcheck.c 2020-10-31 14:59:48.000000000 -0400
++++ pngcheck-2.4.0/pngcheck.c 2020-11-13 09:51:34.834858819 -0500
+@@ -4926,8 +4926,10 @@
+ /* GRR 20061203: now EBCDIC-safe */
+ int check_chunk_name(char *chunk_name, char *fname)
+ {
+- if (isASCIIalpha((int)chunk_name[0]) && isASCIIalpha((int)chunk_name[1]) &&
+- isASCIIalpha((int)chunk_name[2]) && isASCIIalpha((int)chunk_name[3]))
++ if (isASCIIalpha((int)(uch)chunk_name[0]) &&
++ isASCIIalpha((int)(uch)chunk_name[1]) &&
++ isASCIIalpha((int)(uch)chunk_name[2]) &&
++ isASCIIalpha((int)(uch)chunk_name[3]))
+ return 0;
+
+ printf("%s%s invalid chunk name \"%.*s\" (%02x %02x %02x %02x)\n",
diff --git a/pngcheck.spec b/pngcheck.spec
index abaf4db..efd02b7 100644
--- a/pngcheck.spec
+++ b/pngcheck.spec
@@ -1,6 +1,6 @@
 Name: pngcheck
 Version: 2.4.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Verifies the integrity of PNG, JNG and MNG files
 # Note that the main package contains only pngcheck, compiled from a single
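Review bot: The `printf` on the hunk's last line formats four `%02x` values whose arguments lie outside the hunk; if those are the `chunk_name` bytes passed as plain `char`, a byte with the high bit set is sign-extended when promoted to `int` and prints as eight hex digits (`ffffff80`-style) instead of two, so the same `(uch)` cast belongs on those arguments as well. The new guard itself is sound: casting through `uch` before `int` keeps the table index in 0..255, which the description says is always a valid index, so the table behind `isASCIIalpha` must have at least 256 entries. A comment at the `isASCIIalpha` definition stating that callers must pass a value in 0..255 (never a raw `char`) would keep the original `(int)chunk_name[i]` pattern from reappearing, and any other callers of the macro that pass a `char` directly are worth auditing for the same out-of-bounds read. A regression input whose four chunk-name bytes all have the high bit set would pin this fix in the test suite. `check_chunk_name` continues past the end of the hunk.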
@@ -11,6 +11,11 @@ License: MIT
 URL: http://www.libpng.org/pub/png/apps/pngcheck.html
 Source0: http://www.libpng.org/pub/png/src/%{name}-%{version}.tar.gz
+# Fix buffer overflow reported in:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1897485
+# Patch sent upstream by email to Greg Roelofs 2020-11-13.
+Patch0: pngcheck-2.4.0-overflow-bz1897485.patch
+
 BuildRequires: gcc
 BuildRequires: pkgconfig(zlib)
@@ -83,6 +88,9 @@ install -t '%{buildroot}%{_mandir}/man1' -m 0644 -p *.1 gpl/*.1
 %changelog
+* Fri Nov 13 2020 Benjamin A. Beasley - 2.4.0-2
+- Fix buffer overflow (RHBZ #1897485)
+
 * Sun Nov 1 2020 Benjamin A. Beasley - 2.4.0-1
 - New upstream version 2.4.0
 - Added new license file for main package (same MIT-style license)
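Review bot: `Patch0:` is declared in this hunk but nothing in the diff applies it; unless `%prep` (outside this diff) already uses `%autosetup -p1` or an equivalent `%patch0 -p1`, the fix is listed in the spec yet never reaches the built binary, and the build would succeed silently with the vulnerable code. The patch's paths (`pngcheck-2.4.0-original/pngcheck.c` versus `pngcheck-2.4.0/pngcheck.c`) require strip level 1, so a bare `%autosetup` without `-p1` would fail to apply it. Confirming the `%prep` section before tagging the release would close that gap.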