diff --git a/openjpeg-1.5.1-CVE-2013-6045.patch b/openjpeg-1.5.1-CVE-2013-6045.patch
index f45566f..fb970b7 100644
--- a/openjpeg-1.5.1-CVE-2013-6045.patch
+++ b/openjpeg-1.5.1-CVE-2013-6045.patch
@@ -1,60 +1,17 @@
-diff -up openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6045 openjpeg-1.5.1/libopenjpeg/j2k.c
---- openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6045 2014-01-07 15:11:30.622278207 -0600
-+++ openjpeg-1.5.1/libopenjpeg/j2k.c 2014-01-07 15:11:30.626278165 -0600
-@@ -1076,6 +1076,17 @@ static void j2k_read_poc(opj_j2k_t *j2k)
- tcp->POC = 1;
- len = cio_read(cio, 2); /* Lpoc */
- numpchgs = (len - 2) / (5 + 2 * (numcomps <= 256 ? 1 : 2));
-+
-+ {
-+ /* old_poc < 0 "just in case" */
-+ int maxpocs = (sizeof(tcp->pocs)/sizeof(tcp->pocs[0]));
-+ if ((old_poc < 0) || ((numpchgs + old_poc) >= maxpocs)) {
-+ opj_event_msg(j2k->cinfo, EVT_ERROR,
-+ "JPWL: bad number of progression order changes (%d out of a maximum of %d)\n",
-+ (numpchgs + old_poc), maxpocs);
-+ return;
-+ }
-+ }
- 
- for (i = old_poc; i < numpchgs + old_poc; i++) {
- opj_poc_t *poc;
-@@ -1622,6 +1633,14 @@ static void j2k_read_rgn(opj_j2k_t *j2k)
- return;
- }
+diff -Naur openjpeg-1.5.1.orig/libopenjpeg/tcd.c openjpeg-1.5.1/libopenjpeg/tcd.c
+--- openjpeg-1.5.1.orig/libopenjpeg/tcd.c 2012-09-13 09:58:39.000000000 +0200
++++ openjpeg-1.5.1/libopenjpeg/tcd.c 2014-03-27 11:58:08.000000000 +0100
+@@ -1447,6 +1456,13 @@
+ int n = (tile->comps[0].x1 - tile->comps[0].x0) * (tile->comps[0].y1 - tile->comps[0].y0);
  
-+ /* totlen is negative or larger than the bytes left!!! */
-+ if (compno >= numcomps) {
-+ opj_event_msg(j2k->cinfo, EVT_ERROR,
-+ "JPWL: bad component number in RGN (%d when there are only %d)\n",
-+ compno, numcomps);
-+ return;
-+ }
-+
- tcp->tccps[compno].roishift = cio_read(cio, 1); /* SPrgn */
- }
- 
-diff -up openjpeg-1.5.1/libopenjpeg/tcd.c.CVE-2013-6045 openjpeg-1.5.1/libopenjpeg/tcd.c
---- openjpeg-1.5.1/libopenjpeg/tcd.c.CVE-2013-6045 2012-09-13 02:58:39.000000000 -0500
-+++ openjpeg-1.5.1/libopenjpeg/tcd.c 2014-01-07 15:11:30.626278165 -0600
-@@ -1394,10 +1394,19 @@ opj_bool tcd_decode_tile(opj_tcd_t *tcd,
- return OPJ_FALSE;
- }
- 
-+ int comp0size = (tile->comps[0].x1 - tile->comps[0].x0) * (tile->comps[0].y1 - tile->comps[0].y0);
- for (compno = 0; compno < tile->numcomps; ++compno) {
- opj_tcd_tilecomp_t* tilec = &tile->comps[compno];
-+ int compcsize = ((tilec->x1 - tilec->x0) * (tilec->y1 - tilec->y0));
-+ /* Later-on it is assumed that all components are of at least comp0size blocks */
-+ if (compcsize < comp0size)
-+ {
-+ opj_event_msg(tcd->cinfo, EVT_ERROR, "Error decoding tile. Component %d contains only %d blocks "
-+ "while component 0 has %d blocks\n", compno, compcsize, comp0size);
-+ return OPJ_FALSE;
-+ }
- /* The +3 is headroom required by the vectorized DWT */
-- tilec->data = (int*) opj_aligned_malloc((((tilec->x1 - tilec->x0) * (tilec->y1 - tilec->y0))+3) * sizeof(int));
-+ tilec->data = (int*) opj_aligned_malloc((comp0size+3) * sizeof(int));
- if (tilec->data == NULL)
- {
- opj_event_msg(tcd->cinfo, EVT_ERROR, "Out of memory\n");
+ if (tile->numcomps >= 3 ){
++ /* testcase 1336.pdf.asan.47.376 */
++ if ((tile->comps[0].x1 - tile->comps[0].x0) * (tile->comps[0].y1 - tile->comps[0].y0) < n ||
++ ( tile->comps[1].x1 - tile->comps[1].x0) * (tile->comps[1].y1 - tile->comps[1].y0) < n ||
++ ( tile->comps[2].x1 - tile->comps[2].x0) * (tile->comps[2].y1 - tile->comps[2].y0) < n) {
++ opj_event_msg(tcd->cinfo, EVT_ERROR, "Tiles don't all have the same dimension. Skip the MCT step.\n");
++ return OPJ_FALSE;
++ }
+ if (tcd->tcp->tccps[0].qmfbid == 1) {
+ mct_decode(
+ tile->comps[0].data,
diff --git a/openjpeg-1.5.1-offset-check.patch b/openjpeg-1.5.1-offset-check.patch
new file mode 100644
index 0000000..cd4f02b
--- /dev/null
+++ b/openjpeg-1.5.1-offset-check.patch
@@ -0,0 +1,32 @@
+diff -Naur openjpeg-1.5.1.orig/libopenjpeg/tcd.c openjpeg-1.5.1/libopenjpeg/tcd.c
+--- openjpeg-1.5.1.orig/libopenjpeg/tcd.c 2012-09-13 09:58:39.000000000 +0200
++++ openjpeg-1.5.1/libopenjpeg/tcd.c 2014-03-27 11:58:08.000000000 +0100
+@@ -32,6 +32,7 @@
+ 
+ #define _ISOC99_SOURCE /* lrintf is C99 */
+ #include "opj_includes.h"
++#include
+ 
+ void tcd_dump(FILE *fd, opj_tcd_t *tcd, opj_tcd_image_t * img) {
+ int tileno, compno, resno, bandno, precno;/*, cblkno;*/
+@@ -1478,10 +1494,19 @@
+ int tw = tilec->x1 - tilec->x0;
+ int w = imagec->w;
+ 
++ int i, j;
+ int offset_x = int_ceildivpow2(imagec->x0, imagec->factor);
+ int offset_y = int_ceildivpow2(imagec->y0, imagec->factor);
++ /* NR-DEC-2977.pdf.asan.67.2198.jp2-52-decode */
++ if( res->x0 - offset_x < 0 || res->x1 - offset_x < 0
++ || res->y0 - offset_y < 0 || res->y1 - offset_y < 0 )
++ {
++ opj_event_msg(tcd->cinfo, EVT_ERROR, "Impossible offsets %d / %d\n", offset_x, offset_y);
++ return OPJ_FALSE;
++ }
++ assert( 0 <= res->x0 - offset_x && 0 <= res->x1 - offset_x );
++ assert( 0 <= res->y0 - offset_y && 0 <= res->y1 - offset_y );
+ 
+- int i, j;
+ if(!imagec->data){
+ imagec->data = (int*) opj_malloc(imagec->w * imagec->h * sizeof(int));
+ }
diff --git a/openjpeg.spec b/openjpeg.spec
index 2a62a58..0f29a97 100644
--- a/openjpeg.spec
+++ b/openjpeg.spec
@@ -9,7 +9,7 @@ Name: openjpeg
 Version: 1.5.1
-Release: 12%{?dist}
+Release: 13%{?dist}
 Summary: JPEG 2000 command line tools
 License: BSD
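Review bot: The first disjunct of the new size check in tcd.c compares component 0's sample count against `n`, which was computed from the same `tile->comps[0]` fields two lines earlier, so it can never be true and only the `comps[1]` and `comps[2]` terms do any work; drop it, or compute the component size once per index in a small loop. The error text `"Tiles don't all have the same dimension. Skip the MCT step.\n"` also disagrees with what follows: the code does `return OPJ_FALSE;` and aborts the tile decode rather than skipping MCT, so either the message or the behaviour should change (e.g. `"Component sizes differ; cannot apply MCT, aborting tile decode\n"`). Separately, the reworked patch drops the two j2k.c guards the previous version carried — the `maxpocs` bound in j2k_read_poc and the `compno >= numcomps` bound in j2k_read_rgn — and nothing in this diff reintroduces them; if they are not covered by another patch in the series, the rework narrows the fix to the MCT path only. The enclosing tcd_decode_tile body starts and ends outside the hunk.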
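Review bot: The two `assert()` calls added after the offset check are unreachable as guards — the preceding `if` already returns `OPJ_FALSE` for every condition they test — so they can never fire in debug builds and vanish under NDEBUG; keeping only the runtime check, or only the asserts, would state the intent once. As rendered here the added `#include` line in the `@@ -32,6 +32,7 @@` hunk carries no header name; the `assert()` uses below need `<assert.h>`, so confirm the patch file itself is intact. The error message `"Impossible offsets %d / %d\n"` reports only `offset_x`/`offset_y`; adding `res->x0`, `res->x1`, `res->y0` and `res->y1` to it would make a rejected file diagnosable from the log alone. The check guards only the lower bound of `res->* - offset_*`; whether the upper bound against `imagec->w`/`imagec->h` is validated elsewhere is not visible in this hunk, and the enclosing function starts and ends outside it.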
@@ -23,6 +23,8 @@ Source1: data.tar.xz
 # revert soname bump compared to 1.5.0 release (for now)
 Patch1: openjpeg-1.5.1-soname.patch
+# 1.5.2 -> 1.5.1 backport
+Patch2: openjpeg-1.5.1-offset-check.patch
 ## upstreamable patches
 Patch50: openjpeg-1.5.1-cmake_libdir.patch
@@ -51,7 +53,6 @@ Patch203: openjpeg-1.5.1-CVE-2013-1447.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1037948
 Patch204: openjpeg-1.5.1-CVE-2013-6887.patch
-
 %if 0%{?cmake_build}
 BuildRequires: cmake
 %else
@@ -95,6 +96,8 @@ BuildArch: noarch
 %setup -q %{?runcheck:-a 1}
 %patch1 -p1 -b .soname
+%patch2 -p1 -b .offset
+
 %if 0%{?cmake_build}
 %patch50 -p1 -b .cmake_libdir
 %else
@@ -110,7 +113,7 @@ autoreconf -i -f
 %patch200 -p1 -b .CVE-2013-6052
 %patch201 -p1 -b .CVE-2013-6053
-#patch202 -p1 -b .CVE-2013-6045
+%patch202 -p1 -b .CVE-2013-6045
 %patch203 -p1 -b .CVE-2013-1447
 %patch204 -p1 -b .CVE-2013-6887
@@ -203,6 +206,10 @@ make test -C %{_target_platform}
 %changelog
+* Wed Oct 08 2014 Jaromir Capik - 1.5.1-13
+- Reworked fix for CVE-2013-6045 (#1093379)
+- Offset check (1.5.2 -> 1.5.1 backport)
+
 * Thu Sep 04 2014 Petr Hracek - 1.5.1-12
 - OpenJPEG does not provide some binaries (#1138141)
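Review bot: `%patch2` and `%patch202` both modify libopenjpeg/tcd.c, and the new-side line numbers in both patch files (`+1456` against `-1447`, `+1494` against `-1478`) come from an upstream tree carrying insertions this series does not apply, so in the `%patch2 -p1 -b .offset` then `%patch202 -p1 -b .CVE-2013-6045` order at least one hunk lands with an offset; a one-time check of the build log for fuzz or reject messages is worth doing. The `@@ -110,7 +113,7 @@` hunk turns the commented-out `#patch202` back on, which the changelog describes as a reworked CVE-2013-6045 fix; a comment above `Patch2:` naming the upstream 1.5.2 commit being backported (the existing `# 1.5.2 -> 1.5.1 backport` gives no reference) would make the provenance of both security patches auditable.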