diff --git a/file-5.19-CVE-2014-3587.patch b/file-5.19-CVE-2014-3587.patch
new file mode 100644
index 0000000..961c13d
--- /dev/null
+++ b/file-5.19-CVE-2014-3587.patch
@@ -0,0 +1,36 @@
+From 0641e56be1af003aa02c7c6b0184466540637233 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Thu, 7 Aug 2014 09:38:35 +0000
+Subject: [PATCH] Prevent wrap around (Remi Collet at redhat)
+
+---
+ src/cdf.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 5dbf3b1..3e691f4 100644
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -35,7 +35,7 @@
+ #include "file.h"
+ 
+ #ifndef lint
+-FILE_RCSID("@(#)$File: cdf.c,v 1.63 2014/06/09 13:04:37 christos Exp $")
++FILE_RCSID("@(#)$File: cdf.c,v 1.64 2014/07/24 19:35:39 christos Exp $")
+ #endif
+ 
+ #include <assert.h>
+@@ -835,6 +835,10 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 		q = (const uint8_t *)(const void *)
+ 		    ((const char *)(const void *)p + ofs
+ 		    - 2 * sizeof(uint32_t));
++		if (q < p) {
++			DPRINTF(("Wrapped around %p < %p\n", q, p));
++			goto out;
++		}
+ 		if (q > e) {
+ 			DPRINTF(("Ran of the end %p > %p\n", q, e));
+ 			goto out;
+-- 
+2.0.4
+
diff --git a/file.spec b/file.spec
index 4add616..26f7f33 100644
--- a/file.spec
+++ b/file.spec
@@ -4,7 +4,7 @@
 Summary: A utility for determining file types
 Name: file
 Version: 5.19
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: BSD
 Group: Applications/File
 Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@@ -18,6 +18,7 @@ Patch5: file-5.04-man-return-code.patch
 Patch6: file-5.04-generic-msdos.patch
 Patch7: file-5.14-x86boot.patch
 Patch8: file-5.14-perl.patch
+Patch9: file-5.19-CVE-2014-3587.patch
 URL: http://www.darwinsys.com/file/
 Requires: file-libs = %{version}-%{release}
 BuildRequires: zlib-devel
@@ -86,6 +87,7 @@ file(1) command.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
 
 # Patches can generate *.orig files, which can't stay in the magic dir,
 # otherwise there will be problems with compiling magic file!
@@ -194,6 +196,9 @@ cd %{py3dir}
 %endif
 
 %changelog
+* Fri Aug 22 2014 Jan Kaluza <jkaluza@redhat.com> - 5.19-4
+- fix #1132787 - CVE-2014-3587
+
 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.19-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild