diff --git a/pkgs/development/libraries/imlib/default.nix b/pkgs/development/libraries/imlib/default.nix
index a6281156afa..e476bc22eca 100644
--- a/pkgs/development/libraries/imlib/default.nix
+++ b/pkgs/development/libraries/imlib/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, libX11, libXext, xorgproto, libjpeg, libungif, libtiff, libpng}:
+{stdenv, fetchurl, fetchpatch, libX11, libXext, xorgproto, libjpeg, libungif, libtiff, libpng}:
 
 stdenv.mkDerivation {
   name = "imlib-1.9.15";
@@ -7,6 +7,14 @@ stdenv.mkDerivation {
     sha256 = "0ggjxyvgp4pxc0b88v40xj9daz90518ydnycw7qax011gxpr12d3";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2007-3568.patch";
+      url = https://gitweb.gentoo.org/repo/gentoo.git/plain/media-libs/imlib/files/imlib-1.9.15-bpp16-CVE-2007-3568.patch;
+      sha256 = "0lxfibi094gki39sq1w4p0hcx25xlk0875agbhjkjngzx862wvbg";
+    })
+  ];
+
   configureFlags = [
     "--disable-shm"
     "--x-includes=${libX11.dev}/include"