diff --git a/pkgs/development/libraries/zziplib/default.nix b/pkgs/development/libraries/zziplib/default.nix
index 6aede4e9653f58..010c73336b9244 100644
--- a/pkgs/development/libraries/zziplib/default.nix
+++ b/pkgs/development/libraries/zziplib/default.nix
@@ -1,4 +1,4 @@
-{ docbook_xml_dtd_412, fetchurl, stdenv, perl, python2, zip, xmlto, zlib }:
+{ docbook_xml_dtd_412, fetchurl, stdenv, perl, python2, zip, xmlto, zlib, fetchpatch }:
 
 stdenv.mkDerivation rec {
   name = "zziplib-${version}";
@@ -9,6 +9,13 @@ stdenv.mkDerivation rec {
     sha256 = "0i052a7shww0fzsxrdp3rd7g4mbzx7324a8ysbc0br7frpblcql4";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2018-17828.patch";
+      url = "https://github.com/gdraheim/zziplib/commit/f609ae8971f3c0ce6.diff";
+      sha256 = "0jhiz4fgr93wzh6q03avn95b2nsf6402jaki6hxirxyhs5v9ahry";
+    })
+  ];
   postPatch = ''
     sed -i -e s,--export-dynamic,, configure
   '';