diff --git a/editorconfig.spec b/editorconfig.spec
index 9ac347c..544d31d 100644
--- a/editorconfig.spec
+++ b/editorconfig.spec
@@ -16,7 +16,7 @@ editors.}
 Name:           editorconfig
 Summary:        Parser for EditorConfig files written in C
 Version:        0.12.7
-Release:        1%{?dist}
+Release:        2%{?dist}
 
 # The entire source is BSD-2-Clause, except:
 #   BSD-3-Clause: src/lib/ini.h
@@ -34,6 +34,8 @@ License:        BSD-2-Clause AND BSD-3-Clause AND BSD-1-Clause
 URL:            https://github.com/editorconfig/editorconfig-core-c
 Source0:        %{url}/archive/v%{version}/%{srcname}-%{version}.tar.gz
 
+Patch0:         plug-leak-nums-utarray.patch
+
 BuildRequires:  cmake
 BuildRequires:  doxygen
 BuildRequires:  gcc
@@ -139,6 +141,9 @@ rm %{buildroot}/%{_libdir}/libeditorconfig_static.a
 
 
 %changelog
+* Wed Jun 12 2024 Christian Hergert <chergert@redhat.com> - 0.12.7-2
+- Add patch to plug resource leak of nums utarray
+
 * Wed Apr 03 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 0.12.7-1
 - Update to 0.12.7 (close RHBZ#2272370)
 
diff --git a/plug-leak-nums-utarray.patch b/plug-leak-nums-utarray.patch
new file mode 100644
index 0000000..68630c2
--- /dev/null
+++ b/plug-leak-nums-utarray.patch
@@ -0,0 +1,39 @@
+From ca14e1521e52981d94fbd35d7e8fcbc32c45fa50 Mon Sep 17 00:00:00 2001
+From: Christian Hergert <chergert@redhat.com>
+Date: Wed, 12 Jun 2024 13:21:49 -0700
+Subject: [PATCH] lib/ec_glob: plug leak of nums utarray
+
+---
+ src/lib/ec_glob.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/ec_glob.c b/src/lib/ec_glob.c
+index c2b83cf..9bfaf9e 100644
+--- a/src/lib/ec_glob.c
++++ b/src/lib/ec_glob.c
+@@ -53,16 +53,20 @@ static const UT_icd ut_int_pair_icd = {sizeof(int_pair),NULL,NULL,NULL};
+ #define STRING_CAT(p, string, end)  do {    \
+     size_t string_len = strlen(string); \
+     assert(end > p); \
+-    if (string_len >= (size_t)(end - p)) \
++    if (string_len >= (size_t)(end - p)) { \
++        utarray_free(nums); \
+         return -1; \
++    } \
+     strcat(p, string); \
+     p += string_len; \
+ } while(0)
+ 
+ /* safely add a char to a string then move the pointer to the end */
+ #define ADD_CHAR(string, new_chr, end)  do {    \
+-    if (string + 1 >= end) \
++    if (string + 1 >= end) { \
++        utarray_free(nums); \
+         return -1; \
++    } \
+     *(string ++) = new_chr; \
+ } while(0)
+ 
+-- 
+2.45.1
+