diff -Nru exiv2-0.25/debian/changelog exiv2-0.25/debian/changelog
--- exiv2-0.25/debian/changelog 2019-10-16 19:46:48.000000000 +0000
+++ exiv2-0.25/debian/changelog 2020-02-04 15:37:33.000000000 +0000
@@ -1,3 +1,12 @@
+exiv2 (0.25-3.1ubuntu0.18.04.5) bionic-security; urgency=medium
+
+ * SECURITY UPDATE: Denial of service
+ - debian/patches/CVE-2019-20421.patch: fix_1011_jp2_readmetadata_loop
+ in src/jp2image.cpp.
+ - CVE-2019-20421
+
+ -- Leonidas S. Barbosa Tue, 04 Feb 2020 12:37:33 -0300
+
 exiv2 (0.25-3.1ubuntu0.18.04.4) bionic-security; urgency=medium
 
 * SECURITY UPDATE: Denial of service
diff -Nru exiv2-0.25/debian/patches/CVE-2019-20421.patch exiv2-0.25/debian/patches/CVE-2019-20421.patch
--- exiv2-0.25/debian/patches/CVE-2019-20421.patch 1970-01-01 00:00:00.000000000 +0000
+++ exiv2-0.25/debian/patches/CVE-2019-20421.patch 2020-02-04 15:37:27.000000000 +0000
@@ -0,0 +1,61 @@
+Backported of:
+
+From 1b917c3f7dd86336a9f6fda4456422c419dfe88c Mon Sep 17 00:00:00 2001
+From: clanmills
+Date: Tue, 1 Oct 2019 17:39:44 +0100
+Subject: [PATCH] Fix #1011 fix_1011_jp2_readmetadata_loop
+
+---
+ src/jp2image.cpp | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 5056bb6..52af308 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -141,6 +141,16 @@ namespace Exiv2
+ throw(Error(32, "Image comment", "JP2"));
+ } // Jp2Image::setComment
+
++static void boxes_check(size_t b,size_t m)
++{
++ if ( b > m ) {
++#ifdef EXIV2_DEBUG_MESSAGES
++ std::cout << "Exiv2::Jp2Image::readMetadata box maximum exceeded" << std::endl;
++#endif
++ throw Error(kerCorruptedMetadata);
++ }
++}
++
+ void Jp2Image::readMetadata()
+ {
+ #ifdef DEBUG
+@@ -163,9 +173,12 @@ namespace Exiv2
+ Jp2BoxHeader subBox = {0,0};
+ Jp2ImageHeaderBox ihdr = {0,0,0,0,0,0,0,0};
+ Jp2UuidBox uuid = {{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
++ size_t boxes = 0 ;
++ size_t boxem = 1000 ; // boxes max
+
+ while (io_->read((byte*)&box, sizeof(box)) == sizeof(box))
+ {
++ boxes_check(boxes++,boxem );
+ position = io_->tell();
+ box.boxLength = getLong((byte*)&box.boxLength, bigEndian);
+ #ifdef DEBUG
+@@ -198,8 +211,12 @@ namespace Exiv2
+
+ if (io_->read((byte*)&subBox, sizeof(subBox)) == sizeof(subBox))
+ {
++ boxes_check(boxes++, boxem) ;
+ subBox.boxLength = getLong((byte*)&subBox.boxLength, bigEndian);
+ subBox.boxType = getLong((byte*)&subBox.boxType, bigEndian);
++ if (subBox.boxLength > io_->size() ) {
++ throw Error(kerCorruptedMetadata);
++ }
+
+ if((subBox.boxType == kJp2BoxTypeImageHeader) &&
+ (io_->read((byte*)&ihdr, sizeof(ihdr)) == sizeof(ihdr)))
+--
+2.22.0
+
diff -Nru exiv2-0.25/debian/patches/series exiv2-0.25/debian/patches/series
--- exiv2-0.25/debian/patches/series 2019-10-16 19:46:42.000000000 +0000
+++ exiv2-0.25/debian/patches/series 2020-02-04 15:37:28.000000000 +0000
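Review bot: The length check added in the third inner hunk of src/jp2image.cpp bounds `subBox.boxLength` only by the size of the whole file (`io_->size()`), so a sub-box claiming more bytes than remain after the current offset still passes. If the sub-box header is read at the offset saved in `position`, a tighter guard would be `if (subBox.boxLength > io_->size() - position) throw Error(kerCorruptedMetadata);`, with the operand types checked so the subtraction cannot wrap. The outer `box.boxLength` converted in the second hunk gets no comparable bound in the visible lines, so the 1000-box cap from `boxes_check` is the only limit there; `boxem` would read better as a named `const`. The untouched context still throws a numeric code (`Error(32, ...)`), so confirm that `kerCorruptedMetadata` is defined for 0.25 by an earlier patch in the series. `readMetadata` starts and ends outside all three hunks.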
@@ -28,3 +28,4 @@
 CVE-2019-13113.patch
 CVE-2019-13114.patch
 CVE-2019-17402.patch
+CVE-2019-20421.patch