diff -Nru exiv2-0.25/debian/changelog exiv2-0.25/debian/changelog
--- exiv2-0.25/debian/changelog	2019-07-10 11:59:47.000000000 +0000
+++ exiv2-0.25/debian/changelog	2019-10-16 19:46:48.000000000 +0000
@@ -1,3 +1,12 @@
+exiv2 (0.25-3.1ubuntu0.18.04.4) bionic-security; urgency=medium
+
+   * SECURITY UPDATE: Denial of service
+     - debian/patches/CVE-2019-17402.patch: check offset and size
+       against total size in src/crwimage.cpp.
+     - CVE-2019-17402
+
+ -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 16 Oct 2019 16:46:48 -0300
+
 exiv2 (0.25-3.1ubuntu0.18.04.3) bionic-security; urgency=medium
 
    * SECURITY UPDATE: Integer overflow
diff -Nru exiv2-0.25/debian/patches/CVE-2019-17402.patch exiv2-0.25/debian/patches/CVE-2019-17402.patch
--- exiv2-0.25/debian/patches/CVE-2019-17402.patch	1970-01-01 00:00:00.000000000 +0000
+++ exiv2-0.25/debian/patches/CVE-2019-17402.patch	2019-10-16 19:46:28.000000000 +0000
@@ -0,0 +1,27 @@
+Backported of:
+
+From b7890776c62398ca1005e8edc32786859d60fcf7 Mon Sep 17 00:00:00 2001
+From: Jens Georg <mail@jensge.org>
+Date: Sun, 6 Oct 2019 15:05:20 +0200
+Subject: [PATCH] crwimage: Check offset and size against total size
+
+Corrupted or specially crafted CRW images might exceed the overall
+buffersize.
+
+Fixes #1019
+
+(cherry picked from commit 683451567284005cd24e1ccb0a76ca401000968b)
+diff --git a/src/crwimage.cpp b/src/crwimage.cpp
+index 5ccf3b1..7fc3d61 100644
+--- a/src/crwimage.cpp
++++ b/src/crwimage.cpp
+@@ -437,6 +437,9 @@ namespace Exiv2 {
+ #ifdef DEBUG
+         std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
+ #endif
++        if (this->offset() + this->size() > size)
++            throw Error(kerOffsetOutOfRange);
++
+         readDirectory(pData + offset(), this->size(), byteOrder);
+ #ifdef DEBUG
+         std::cout << "<---- 0x" << std::hex << tag() << "\n";
diff -Nru exiv2-0.25/debian/patches/series exiv2-0.25/debian/patches/series
--- exiv2-0.25/debian/patches/series	2019-07-10 11:59:47.000000000 +0000
+++ exiv2-0.25/debian/patches/series	2019-10-16 19:46:42.000000000 +0000
@@ -27,3 +27,4 @@
 0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch
 CVE-2019-13113.patch
 CVE-2019-13114.patch
+CVE-2019-17402.patch