diff --git a/vorbis-tools-1.4.0-CVE-2015-6749.patch b/vorbis-tools-1.4.0-CVE-2015-6749.patch
new file mode 100644
index 0000000..02a1e8c
--- /dev/null
+++ b/vorbis-tools-1.4.0-CVE-2015-6749.patch
@@ -0,0 +1,43 @@
+From 16d10a1c957425a49cf74332b99cf3d39e80cc09 Mon Sep 17 00:00:00 2001
+From: Mark Harris <mark.hsj@gmail.com>
+Date: Sun, 30 Aug 2015 05:54:46 -0700
+Subject: [PATCH] oggenc: Fix large alloca on bad AIFF input
+
+Fixes #2212
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ oggenc/audio.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/oggenc/audio.c b/oggenc/audio.c
+index 1cbb214..547e826 100644
+--- a/oggenc/audio.c
++++ b/oggenc/audio.c
+@@ -246,8 +246,8 @@ static int aiff_permute_matrix[6][6] =
+ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+ {
+     int aifc; /* AIFC or AIFF? */
+-    unsigned int len;
+-    unsigned char *buffer;
++    unsigned int len, readlen;
++    unsigned char buffer[22];
+     unsigned char buf2[8];
+     aiff_fmt format;
+     aifffile *aiff = malloc(sizeof(aifffile));
+@@ -271,9 +271,9 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+         return 0; /* Weird common chunk */
+     }
+ 
+-    buffer = alloca(len);
+-
+-    if(fread(buffer,1,len,in) < len)
++    readlen = len < sizeof(buffer) ? len : sizeof(buffer);
++    if(fread(buffer,1,readlen,in) < readlen ||
++       (len > readlen && !seek_forward(in, len-readlen)))
+     {
+         fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF header\n"));
+         return 0;
+-- 
+2.4.6
+
diff --git a/vorbis-tools.spec b/vorbis-tools.spec
index 457fbbd..4376a4e 100644
--- a/vorbis-tools.spec
+++ b/vorbis-tools.spec
@@ -1,7 +1,7 @@
 Summary:	The Vorbis General Audio Compression Codec tools
 Name:		vorbis-tools
 Version:	1.4.0
-Release:	21%{?dist}
+Release:	22%{?dist}
 Epoch:		1
 Group:		Applications/Multimedia
 License:	GPLv2
@@ -24,6 +24,9 @@ Patch4:		vorbis-tools-1.4.0-bz1185558.patch
 # validate count of channels in the header (CVE-2014-9638 and CVE-2014-9639)
 Patch5:		vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch
 
+# oggenc: fix large alloca on bad AIFF input (CVE-2015-6749)
+Patch6:		vorbis-tools-1.4.0-CVE-2015-6749.patch
+
 BuildRequires:	flac-devel
 BuildRequires:	gettext
 BuildRequires:	libao-devel
@@ -50,6 +53,7 @@ comment editor.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 
 
 %build
@@ -77,6 +81,9 @@ rm -rf $RPM_BUILD_ROOT%{_docdir}/%{name}*
 
 
 %changelog
+* Mon Aug 31 2015 Kamil Dudka <kdudka@redhat.com> - 1:1.4.0-22
+- oggenc: fix large alloca on bad AIFF input (CVE-2015-6749)
+
 * Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.4.0-21
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild