diff --git a/libjpeg-turbo-commit-1365.patch b/libjpeg-turbo-commit-1365.patch
new file mode 100644
index 0000000..13df124
--- /dev/null
+++ b/libjpeg-turbo-commit-1365.patch
@@ -0,0 +1,29 @@
+--- a/jchuff.c
++++ b/jchuff.c
+@@ -4,7 +4,7 @@
+ * This file was part of the Independent JPEG Group's software:
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2009-2011, D. R. Commander.
++ * Copyright (C) 2009-2011, 2014 D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README file.
+ *
+ * This file contains Huffman entropy encoding routines.
+@@ -426,7 +426,7 @@
+ LOCAL(boolean)
+ flush_bits (working_state * state)
+ {
+- JOCTET _buffer[BUFSIZE], *buffer;
++ JOCTET _buffer[BUFSIZE + 8], *buffer;
+ size_t put_buffer; int put_bits;
+ size_t bytes, bytestocopy; int localbuf = 0;
+
+@@ -455,7 +455,7 @@
+ int temp, temp2, temp3;
+ int nbits;
+ int r, code, size;
+- JOCTET _buffer[BUFSIZE], *buffer;
++ JOCTET _buffer[BUFSIZE + 8], *buffer;
+ size_t put_buffer; int put_bits;
+ int code_0xf0 = actbl->ehufco[0xf0], size_0xf0 = actbl->ehufsi[0xf0];
+ size_t bytes, bytestocopy; int localbuf = 0;
diff --git a/libjpeg-turbo-commit-1367.patch b/libjpeg-turbo-commit-1367.patch
new file mode 100644
index 0000000..9c3b224
--- /dev/null
+++ b/libjpeg-turbo-commit-1367.patch
@@ -0,0 +1,29 @@
+--- a/jchuff.c
++++ b/jchuff.c
+@@ -408,7 +408,7 @@
+ #endif
+
+
+-#define BUFSIZE (DCTSIZE2 * 2)
++#define BUFSIZE (DCTSIZE2 * 2) + 8
+
+ #define LOAD_BUFFER() { \
+ if (state->free_in_buffer < BUFSIZE) { \
+@@ -443,7 +443,7 @@
+ LOCAL(boolean)
+ flush_bits (working_state * state)
+ {
+- JOCTET _buffer[BUFSIZE + 8], *buffer;
++ JOCTET _buffer[BUFSIZE], *buffer;
+ size_t put_buffer; int put_bits;
+ size_t bytes, bytestocopy; int localbuf = 0;
+
+@@ -472,7 +472,7 @@
+ int temp, temp2, temp3;
+ int nbits;
+ int r, code, size;
+- JOCTET _buffer[BUFSIZE + 8], *buffer;
++ JOCTET _buffer[BUFSIZE], *buffer;
+ size_t put_buffer; int put_bits;
+ int code_0xf0 = actbl->ehufco[0xf0], size_0xf0 = actbl->ehufsi[0xf0];
+ size_t bytes, bytestocopy; int localbuf = 0;
diff --git a/mingw-libjpeg-turbo.spec b/mingw-libjpeg-turbo.spec
index 21fba1e..6eadde8 100644
--- a/mingw-libjpeg-turbo.spec
+++ b/mingw-libjpeg-turbo.spec
@@ -6,7 +6,7 @@
 Name: mingw-libjpeg-turbo
 Version: 1.3.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: MinGW Windows Libjpeg-turbo library
 License: wxWidgets
@@ -21,6 +21,10 @@ Patch0: libjpeg-turbo-match-autoconf-behavior.patch
 # Fix compatibility with older CMake versions (as used on RHEL7)
 Patch1: libjpeg-turbo-r1237.patch
+# Fix CVE-2014-9092 (RHBZ #1169851 #1169853)
+Patch2: libjpeg-turbo-commit-1365.patch
+Patch3: libjpeg-turbo-commit-1367.patch
+
 BuildArch: noarch
 BuildRequires: mingw32-filesystem >= 95
@@ -84,6 +88,8 @@ Static version of the MinGW Windows cross compiled Libjpeg-turbo library.
 %setup -q -n libjpeg-turbo-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
 %build
@@ -154,6 +160,9 @@ chmod -x README-turbo.txt
 %changelog
+* Mon Dec 22 2014 Erik van Pienbroek - 1.3.1-4
+- Fix CVE-2014-9092 (RHBZ #1169851 #1169853)
+
 * Sat Jun 07 2014 Fedora Release Engineering - 1.3.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
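Review bot: In libjpeg-turbo-commit-1367.patch the new `#define BUFSIZE (DCTSIZE2 * 2) + 8` leaves the macro expansion unparenthesized, although this constant now sizes `_buffer[BUFSIZE]` in both functions and sets the `state->free_in_buffer < BUFSIZE` threshold in LOAD_BUFFER. The uses visible in these hunks evaluate as intended, but any expression elsewhere in jchuff.c that multiplies by or subtracts BUFSIZE would silently compute a different bound, so `#define BUFSIZE ((DCTSIZE2 * 2) + 8)` is the safer form and is worth raising upstream rather than carrying as a local deviation. Neither patch says which worst-case output the extra 8 bytes are meant to cover; a one-line comment on the define stating that bound would let a later reader check it. The bodies of flush_bits and the second function lie outside the hunks, so how the buffer is filled cannot be checked from here. Patch3 only applies on top of Patch2 (it removes the `_buffer[BUFSIZE + 8]` lines Patch2 introduces), so the `%patch2`/`%patch3` order in the spec must be kept.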