diff --git a/liblouis-3.16.1-fix-CVE-2023-26767.patch b/liblouis-3.16.1-fix-CVE-2023-26767.patch
new file mode 100644
index 0000000..8d37bde
--- /dev/null
+++ b/liblouis-3.16.1-fix-CVE-2023-26767.patch
@@ -0,0 +1,42 @@
+From f432de31058b5a94874d47405216d07910c18a9a Mon Sep 17 00:00:00 2001
+From: Christian Egli <christian.egli@sbs.ch>
+Date: Wed, 8 Feb 2023 11:18:27 +0100
+Subject: [PATCH] Check the length of path before copying into dataPath
+
+See https://lwn.net/Articles/507319/ for more background on the
+security problems of strcpy.
+
+Fixes #1292
+---
+ NEWS                               | 2 ++
+ liblouis/compileTranslationTable.c | 2 +-
+ liblouis/liblouis.h.in             | 3 ++-
+ 3 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
+index cbc6ae1614..3c74929bcb 100644
+--- a/liblouis/compileTranslationTable.c
++++ b/liblouis/compileTranslationTable.c
+@@ -58,7 +58,7 @@ char *EXPORT_CALL
+ lou_setDataPath(const char *path) {
+ 	static char dataPath[MAXSTRING];
+ 	dataPathPtr = NULL;
+-	if (path == NULL) return NULL;
++	if (path == NULL || strlen(path) >= MAXSTRING) return NULL;
+ 	strcpy(dataPath, path);
+ 	dataPathPtr = dataPath;
+ 	return dataPathPtr;
+diff --git a/liblouis/liblouis.h.in b/liblouis/liblouis.h.in
+index 88d7996895..c51305f7ad 100644
+--- a/liblouis/liblouis.h.in
++++ b/liblouis/liblouis.h.in
+@@ -283,7 +283,8 @@ lou_getEmphClasses(const char *tableList);
+ /**
+  * Set the path used for searching for tables and liblouisutdml files.
+  *
+- * Overrides the installation path. */
++ * Overrides the installation path. Returns NULL if `path` is NULL or
++ * if the length of `path` is equal or longer than `MAXSTRING`. */
+ LIBLOUIS_API
+ char *EXPORT_CALL
+ lou_setDataPath(const char *path);
diff --git a/liblouis.spec b/liblouis.spec
index 9bff451..1bd326d 100644
--- a/liblouis.spec
+++ b/liblouis.spec
@@ -3,12 +3,14 @@
 
 Name:           liblouis
 Version:        3.16.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        Braille translation and back-translation library
 
 License:        LGPLv3+
 URL:            http://liblouis.org
 Source0:        https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
+# https://bugzilla.redhat.com/show_bug.cgi?id=2181147
+Patch0:         liblouis-3.16.1-fix-CVE-2023-26767.patch
 
 BuildRequires:  chrpath
 BuildRequires:  gcc
@@ -81,7 +83,7 @@ This package provides the documentation for liblouis.
 
 
 %prep
-%setup -q
+%autosetup -p1
 
 
 %build
@@ -143,6 +145,9 @@ done
 
 
 %changelog
+* Mon Apr 03 2023 David King <amigadave@amigadave.com> - 3.16.1-5
+- Fix CVE-2023-26767 (#2181147)
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.16.1-4
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688