diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix
index 3ac564f2c082..4f220ee7717e 100644
--- a/pkgs/tools/security/opensc/default.nix
+++ b/pkgs/tools/security/opensc/default.nix
@@ -27,6 +27,11 @@ stdenv.mkDerivation rec {
       url = "https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68.patch";
       sha256 = "088i2i1fkvdxnywmb54bn4283vhbxx6i2632b34ss5dh7k080hp7";
     })
+    (fetchpatch {
+      name = "CVE-2019-15946.patch";
+      url = "https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740.patch";
+      sha256 = "1qr9n8cbarrdn4kr5z0ys7flq50hfmcbm8584mhw7r39p08qwmvq";
+    })
   ];
 
   nativeBuildInputs = [ pkgconfig autoreconfHook ];