diff --git a/autotrace-0.31.1-CVE-2019-19004.patch b/autotrace-0.31.1-CVE-2019-19004.patch
new file mode 100644
index 0000000..7121b94
--- /dev/null
+++ b/autotrace-0.31.1-CVE-2019-19004.patch
@@ -0,0 +1,17 @@
+diff -urN autotrace-0.31.1.old/input-bmp.c autotrace-0.31.1/input-bmp.c
+--- autotrace-0.31.1.old/input-bmp.c	2021-04-30 15:03:16.264446518 +0530
++++ autotrace-0.31.1/input-bmp.c	2021-04-30 15:06:14.682051209 +0530
+@@ -220,6 +220,13 @@
+    * word length (32 bits == 4 bytes)
+    */
+ 
++  unsigned long overflowTest = Bitmap_Head.biWidth * Bitmap_Head.biBitCnt;
++  if (overflowTest / Bitmap_Head.biWidth != Bitmap_Head.biBitCnt) {
++    LOG("Error reading BMP file header. Width is too large\n");
++    at_exception_fatal(&exp, "Error reading BMP file header. Width is too large");
++    goto cleanup;
++  }
++
+   rowbytes= ( (Bitmap_Head.biWidth * Bitmap_Head.biBitCnt - 1) / 32) * 4 + 4;  
+ 
+ #ifdef DEBUG
diff --git a/autotrace-0.31.1-CVE-2019-19005.patch b/autotrace-0.31.1-CVE-2019-19005.patch
new file mode 100644
index 0000000..cb0ffc7
--- /dev/null
+++ b/autotrace-0.31.1-CVE-2019-19005.patch
@@ -0,0 +1,35 @@
+diff -urN autotrace-0.31.1.old/xstd.h autotrace-0.31.1/xstd.h
+--- autotrace-0.31.1.old/xstd.h	2002-10-11 02:14:17.000000000 +0530
++++ autotrace-0.31.1/xstd.h	2021-04-30 15:22:25.853589944 +0530
+@@ -20,6 +20,7 @@
+ #define XMALLOC(new_mem, size)			\
+ do						\
+   {						\
++    assert(size);                              \
+     new_mem = (at_address) malloc (size);	\
+     assert(new_mem);				\
+   } while (0)
+@@ -28,6 +29,7 @@
+ #define XCALLOC(new_mem, size)			\
+ do						\
+   {						\
++    assert(size);                              \
+     new_mem = (at_address) calloc (size, 1);	\
+     assert(new_mem);				\
+   } while (0)
+@@ -55,6 +57,7 @@
+ #define XMALLOC(new_mem, size)					\
+ do								\
+   {								\
++    assert(size);                                              \
+     (at_address&)(new_mem) = (at_address) malloc (size);	\
+      assert(new_mem);						\
+   } while (0) 
+@@ -63,6 +66,7 @@
+ #define XCALLOC(new_mem, sizex)					\
+ do								\
+   {								\
++    assert(size);                                              \
+     (at_address&)(new_mem) = (void *) calloc (sizex, 1);	\
+     assert(new_mem);						\
+   } while (0) 
diff --git a/autotrace.spec b/autotrace.spec
index e89e92d..7e2eaf3 100644
--- a/autotrace.spec
+++ b/autotrace.spec
@@ -1,6 +1,6 @@
 Name:           autotrace
 Version:        0.31.1
-Release:        60%{?dist}
+Release:        61%{?dist}
 Summary:        Utility for converting bitmaps to vector graphics
 License:        GPLv2+ and LGPLv2+
 URL:            http://autotrace.sourceforge.net/
@@ -13,6 +13,9 @@ Patch4:         autotrace-0.31.1-CVE-2013-1953.patch
 Patch5:         autotrace-0.31.1-multilib-fix.patch
 Patch6:         autotrace-0.31.1-pstoedit-detection-fix.patch
 Patch7:         autotrace-0.31.1-CVE-2016-7392.patch
+Patch8:         autotrace-0.31.1-CVE-2019-19004.patch
+Patch9:         autotrace-0.31.1-CVE-2019-19005.patch
+
 BuildRequires:  gcc-c++
 %if ! 0%{?rhel}
 BuildRequires:  ImageMagick-devel
@@ -63,6 +66,8 @@ This package contains header files and development libraries for autotrace.
 %patch5 -p1 -b .multilib-fix
 %patch6 -p1 -b .pstoedit-detection-fix
 %patch7 -p1 -b .CVE-2016-7392
+%patch8 -p1 -b .CVE-2019-19004
+%patch9 -p1 -b .CVE-2019-19005
 autoreconf -ivf
 
 %build
@@ -104,6 +109,10 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';'
 
 
 %changelog
+* Fri Apr 30 2021 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-61
+- Resolves: CVE-2019-19004 : integer overflow in input-bmp.c
+- Resolves: CVE-2019-19005 : fix bitmap double free in main.c
+
 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.31.1-60
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937