diff --git a/0016-CVE-2020-21531.patch b/0016-CVE-2020-21531.patch
new file mode 100644
index 0000000..8a8be42
--- /dev/null
+++ b/0016-CVE-2020-21531.patch
@@ -0,0 +1,63 @@
+From d50ae523fcee5c2d4357bbd8ce5baeeb18d15a2c Mon Sep 17 00:00:00 2001
+From: Ondrej Dubaj
+Date: Tue, 21 Sep 2021 10:42:50 +0200
+Subject: [PATCH] Reject out-of-range pattern
+
+---
+ fig2dev/object.h | 2 +-
+ fig2dev/tests/read.at | 19 +++++++++++++++++--
+ 2 files changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/fig2dev/object.h b/fig2dev/object.h
+index 8464010..6830b13 100644
+--- a/fig2dev/object.h
++++ b/fig2dev/object.h
+@@ -61,7 +61,7 @@ typedef struct f_comment {
+ o->style < SOLID_LINE || o->style > DASH_3_DOTS_LINE || \
+ o->thickness < 0 || o->depth < 0 || o->depth > 999 || \
+ o->fill_style < UNFILLED || \
+- o->fill_style > NUMSHADES + NUMTINTS + NUMPATTERNS || \
++ o->fill_style >= NUMSHADES + NUMTINTS + NUMPATTERNS || \
+ o->style_val < 0.0
+
+ typedef struct f_ellipse {
+diff --git a/fig2dev/tests/read.at b/fig2dev/tests/read.at
+index d85356b..7765805 100644
+--- a/fig2dev/tests/read.at
++++ b/fig2dev/tests/read.at
+@@ -421,15 +421,30 @@ AT_CLEANUP
+
+ AT_SETUP([reject ASCII NUL ('\0') in input, ticket #80])
+ AT_KEYWORDS([read.c svg])
+-AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig], 1, ignore, ignore)
++AT_CHECK([fig2dev -L svg $srcdir/data/text_w_ascii0.fig],
++1, ignore, [ASCII NUL ('\0') in line 11.
++])
+ AT_CLEANUP
+
+ AT_SETUP([reject out of range text angle, ticket #76])
++AT_KEYWORDS([read.c pstricks])
+ AT_CHECK([fig2dev -L pstricks < - 1:3.2.7b-8 - Fixed CVE-2020-21529 (#2005518) - Fixed CVE-2020-21532 (#2006007) +- Fixed CVE-2020-21531 (#2006002) * Mon Aug 30 2021 Ondrej Dubaj - 1:3.2.7b-7 - Fixed CVE-2020-21681 (#1998350)
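Review bot: The corrected bound `o->fill_style >= NUMSHADES + NUMTINTS + NUMPATTERNS` in the fig2dev/object.h hunk carries no comment saying why the sum itself is invalid, so the one-character difference from the old `>` is easy to regress. I would add a comment on the macro definition such as `/* fill_style must lie in [UNFILLED, NUMSHADES + NUMTINTS + NUMPATTERNS); the sum is one past the last valid value */`; judging by the patch subject, this check is what keeps an out-of-range pattern number from reaching later code, though the consumers are not visible here. The macro these continuation lines belong to starts above the hunk, and the read.at changes are cut off on this page, so it is worth confirming that the added tests include an input whose fill style equals exactly that sum.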