diff --git a/CVE-2021-20205.patch b/CVE-2021-20205.patch
new file mode 100644
index 0000000..affcb55
--- /dev/null
+++ b/CVE-2021-20205.patch
@@ -0,0 +1,72 @@
+diff -rupN --no-dereference libjpeg-turbo-2.0.90/cderror.h libjpeg-turbo-2.0.90-new/cderror.h
+--- libjpeg-turbo-2.0.90/cderror.h	2020-11-25 04:56:19.000000000 +0100
++++ libjpeg-turbo-2.0.90-new/cderror.h	2021-04-12 10:20:58.463111547 +0200
+@@ -1,9 +1,11 @@
+ /*
+  * cderror.h
+  *
++ * This file was part of the Independent JPEG Group's software:
+  * Copyright (C) 1994-1997, Thomas G. Lane.
+  * Modified 2009-2017 by Guido Vollbeding.
+- * This file is part of the Independent JPEG Group's software.
++ * libjpeg-turbo Modifications:
++ * Copyright (C) 2021, D. R. Commander.
+  * For conditions of distribution and use, see the accompanying README.ijg
+  * file.
+  *
+@@ -60,6 +62,7 @@ JMESSAGE(JTRC_BMP_OS2_MAPPED, "%ux%u 8-b
+ JMESSAGE(JERR_GIF_BUG, "GIF output got confused")
+ JMESSAGE(JERR_GIF_CODESIZE, "Bogus GIF codesize %d")
+ JMESSAGE(JERR_GIF_COLORSPACE, "GIF output must be grayscale or RGB")
++JMESSAGE(JERR_GIF_EMPTY, "Empty GIF image")
+ JMESSAGE(JERR_GIF_IMAGENOTFOUND, "Too few images in GIF file")
+ JMESSAGE(JERR_GIF_NOT, "Not a GIF file")
+ JMESSAGE(JTRC_GIF, "%ux%ux%d GIF image")
+diff -rupN --no-dereference libjpeg-turbo-2.0.90/ChangeLog.md libjpeg-turbo-2.0.90-new/ChangeLog.md
+--- libjpeg-turbo-2.0.90/ChangeLog.md	2020-11-25 04:56:19.000000000 +0100
++++ libjpeg-turbo-2.0.90-new/ChangeLog.md	2021-04-12 10:20:58.463111547 +0200
+@@ -140,6 +140,10 @@ been reverted.
+ 15. The build system can now be used to generate a universal x86-64 + Armv8
+ libjpeg-turbo SDK package for both iOS and macOS.
+ 
++4. Fixed a floating point exception that occurred when attempting to compress a
++specially-crafted malformed GIF image with a specified image width of 0 using
++cjpeg.
++
+ 
+ 2.0.6
+ =====
+diff -rupN --no-dereference libjpeg-turbo-2.0.90/rdgif.c libjpeg-turbo-2.0.90-new/rdgif.c
+--- libjpeg-turbo-2.0.90/rdgif.c	2020-11-25 04:56:19.000000000 +0100
++++ libjpeg-turbo-2.0.90-new/rdgif.c	2021-04-12 10:20:58.463111547 +0200
+@@ -1,9 +1,11 @@
+ /*
+  * rdgif.c
+  *
++ * This file was part of the Independent JPEG Group's software:
+  * Copyright (C) 1991-1997, Thomas G. Lane.
+  * Modified 2019 by Guido Vollbeding.
+- * This file is part of the Independent JPEG Group's software.
++ * libjpeg-turbo Modifications:
++ * Copyright (C) 2021, D. R. Commander.
+  * For conditions of distribution and use, see the accompanying README.ijg
+  * file.
+  *
+@@ -404,6 +406,8 @@ start_input_gif(j_compress_ptr cinfo, cj
+     ERREXIT(cinfo, JERR_INPUT_EOF);
+   width = LM_to_uint(hdrbuf, 0);
+   height = LM_to_uint(hdrbuf, 2);
++  if (width == 0 || height == 0)
++    ERREXIT(cinfo, JERR_GIF_EMPTY);
+   /* we ignore the color resolution, sort flag, and background color index */
+   aspectRatio = UCH(hdrbuf[6]);
+   if (aspectRatio != 0 && aspectRatio != 49)
+@@ -446,6 +450,8 @@ start_input_gif(j_compress_ptr cinfo, cj
+     /* we ignore top/left position info, also sort flag */
+     width = LM_to_uint(hdrbuf, 4);
+     height = LM_to_uint(hdrbuf, 6);
++    if (width == 0 || height == 0)
++      ERREXIT(cinfo, JERR_GIF_EMPTY);
+     source->is_interlaced = (BitSet(hdrbuf[8], INTERLACE) != 0);
+ 
+     /* Read local colormap if header indicates it is present */
diff --git a/libjpeg-turbo-match-autoconf-behavior.patch b/libjpeg-turbo-match-autoconf-behavior.patch
index 2c093ea..db1e71e 100644
--- a/libjpeg-turbo-match-autoconf-behavior.patch
+++ b/libjpeg-turbo-match-autoconf-behavior.patch
@@ -1,6 +1,6 @@
 diff -rupN --no-dereference libjpeg-turbo-2.0.90/win/jconfig.h.in libjpeg-turbo-2.0.90-new/win/jconfig.h.in
 --- libjpeg-turbo-2.0.90/win/jconfig.h.in	2020-11-25 04:56:19.000000000 +0100
-+++ libjpeg-turbo-2.0.90-new/win/jconfig.h.in	2021-01-28 13:40:54.823347735 +0100
++++ libjpeg-turbo-2.0.90-new/win/jconfig.h.in	2021-04-12 10:20:58.427111546 +0200
 @@ -9,13 +9,13 @@
  
  #define BITS_IN_JSAMPLE  @BITS_IN_JSAMPLE@      /* use 8 or 12 */
diff --git a/mingw-libjpeg-turbo.spec b/mingw-libjpeg-turbo.spec
index 690fa4b..59c3dff 100644
--- a/mingw-libjpeg-turbo.spec
+++ b/mingw-libjpeg-turbo.spec
@@ -6,7 +6,7 @@
 
 Name:           mingw-libjpeg-turbo
 Version:        2.0.90
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        MinGW Windows Libjpeg-turbo library
 
 License:        wxWidgets
@@ -17,9 +17,12 @@ Source0:        http://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-%{v
 # https://bugzilla.redhat.com/show_bug.cgi?id=843193
 Patch0:         libjpeg-turbo-match-autoconf-behavior.patch
 
+# Backport patch for CVE-2021-20205
+# https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1719d12e51641cce5c77e259516649ba5ef6303c
+Patch1:         CVE-2021-20205.patch
+
 BuildArch:      noarch
 
-BuildRequires: make
 BuildRequires:  mingw32-filesystem >= 95
 BuildRequires:  mingw32-gcc
 BuildRequires:  mingw32-gcc-c++
@@ -32,6 +35,8 @@ BuildRequires:  mingw64-binutils
 
 BuildRequires:  nasm
 BuildRequires:  cmake
+BuildRequires:  make
+
 
 %description
 MinGW Windows cross compiled Libjpeg-turbo library.
@@ -159,6 +164,9 @@ chmod -x README.md
 
 
 %changelog
+* Mon Apr 12 2021 Sandro Mani <manisandro@gmail.com> - 2.0.90-2
+- Backport patch for CVE-2021-20205
+
 * Thu Jan 28 2021 Sandro Mani <manisandro@gmail.com> - 2.0.90-1
 - Update to 2.0.90