diff --git a/hplip-CVE-2010-4267.patch b/hplip-CVE-2010-4267.patch
new file mode 100644
index 0000000..452d055
--- /dev/null
+++ b/hplip-CVE-2010-4267.patch
@@ -0,0 +1,12 @@
+diff -up hplip-3.10.9/io/hpmud/pml.c.CVE-2010-4267 hplip-3.10.9/io/hpmud/pml.c
+--- hplip-3.10.9/io/hpmud/pml.c.CVE-2010-4267 2010-09-26 18:07:25.000000000 +0100
++++ hplip-3.10.9/io/hpmud/pml.c 2011-01-17 17:21:26.018127900 +0000
+@@ -504,6 +504,8 @@ enum HPMUD_RESULT hpmud_get_pml(HPMUD_DE
+ p += 2; /* eat type and length */
+ }
+
++ if (dLen > buf_size)
++ dLen = buf_size;
+ memcpy(buf, p, dLen);
+ *bytes_read = dLen;
+ *type = dt;
diff --git a/hplip.spec b/hplip.spec
index bcef64d..adf4ed8 100644
--- a/hplip.spec
+++ b/hplip.spec
@@ -1,7 +1,7 @@
 Summary: HP Linux Imaging and Printing Project
 Name: hplip
 Version: 3.10.9
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv2+ and MIT
 Group: System Environment/Daemons
 Conflicts: system-config-printer < 0.6.132
@@ -46,6 +46,7 @@ Patch32: hplip-newline.patch
 Patch33: hplip-dbus-threads.patch
 Patch34: hplip-notification-exception.patch
 Patch35: hplip-cups-web.patch
+Patch36: hplip-CVE-2010-4267.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -293,6 +294,10 @@ done
 # Fixed "CUPS Web Interface" button (bug #633899).
 %patch35 -p1 -b .cups-web
+# Applied patch to fix CVE-2010-4267, remote stack overflow
+# vulnerability (bug #670252).
+%patch36 -p1 -b .CVE-2010-4267
+
 sed -i.duplex-constraints \
 -e 's,\(UIConstraints.* \*Duplex\),//\1,' \
 prnt/drv/hpcups.drv.in
@@ -520,6 +525,10 @@ fi
 %postun libs -p /sbin/ldconfig
 %changelog
+* Mon Jan 17 2011 Tim Waugh - 3.10.9-14
+- Applied patch to fix CVE-2010-4267, remote stack overflow
+ vulnerability (bug #670252).
+
 * Wed Jan 12 2011 Tim Waugh - 3.10.9-13
 - Removed unused hpcac filter to avoid unnecessary perl dependency.
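Review bot: In the pml.c change carried by hplip-CVE-2010-4267.patch, the clamp before `memcpy(buf, p, dLen)` bounds the write into `buf` but not the read from `p`. Nothing visible in the hunk checks `dLen` against the number of bytes actually received in the reply, so a length field larger than the payload could still copy stale bytes out to the caller. The declarations of `dLen` and `buf_size` are outside the hunk; if they are signed, a negative `dLen` passes `dLen > buf_size` and becomes a very large `size_t` in `memcpy`, so the guard would be safer as `if (dLen < 0 || dLen > buf_size)` with an error result instead of a copy. Truncation is also silent, since `*bytes_read` receives the clamped value with no indication that the object was cut; a comment such as `/* dLen is device-supplied; never copy more than the caller's buffer holds */` would record why the check exists. The body of hpmud_get_pml starts and ends outside the hunk.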