diff --git a/speex-1.2.0-guard-against-invalid-channel-numbers.patch b/speex-1.2.0-guard-against-invalid-channel-numbers.patch
new file mode 100644
index 0000000..207baef
--- /dev/null
+++ b/speex-1.2.0-guard-against-invalid-channel-numbers.patch
@@ -0,0 +1,14 @@
+diff --git a/src/wav_io.c b/src/wav_io.c
+index b51830158f4defb536a760c93a77567daf69a74b..09d62eb017bb48fe48fa1efcaa122719ef1fe39f 100644
+--- a/src/wav_io.c
++++ b/src/wav_io.c
+@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
+    stmp = le_short(stmp);
+    *channels = stmp;
+ 
+-   if (stmp>2)
++   if (stmp>2 || stmp<1)
+    {
+       fprintf (stderr, "Only mono and (intensity) stereo supported\n");
+       return -1;
+
diff --git a/speex.spec b/speex.spec
index a3b858f..b740bbf 100644
--- a/speex.spec
+++ b/speex.spec
@@ -1,7 +1,7 @@
 Summary:	A voice compression format (codec)
 Name:		speex
 Version:	1.2.0
-Release:	10%{?dist}
+Release:	11%{?dist}
 License:	BSD
 URL:		https://www.speex.org/
 Source0:	https://downloads.xiph.org/releases/speex/%{name}-%{version}.tar.gz
@@ -9,6 +9,7 @@ BuildRequires: make
 BuildRequires:	gcc
 BuildRequires:	pkgconfig(ogg)
 BuildRequires:	pkgconfig(speexdsp)
+Patch0:		speex-1.2.0-guard-against-invalid-channel-numbers.patch
 
 %description
 Speex is a patent-free compression format designed especially for
@@ -35,6 +36,7 @@ speech. This package contains tools files and user's manual for %{name}.
 
 %prep
 %setup -q
+%patch0 -p1 -b.CVE-2020-23903
 
 %build
 %configure --disable-static --enable-binaries
@@ -70,6 +72,10 @@ rm -f $RPM_BUILD_ROOT%{_docdir}/speex/manual.pdf
 
 
 %changelog
+* Mon Apr 25 2022 Tomas Korbar <tkorbar@redhat.com> - 1.2.0-11
+- Fix CVE-2020-23903 speex: divide by zero in read_samples() via crafted WAV file
+- Resolves: CVE-2020-23903
+
 * Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild