diff --git a/pkgs/tools/text/catdoc/default.nix b/pkgs/tools/text/catdoc/default.nix
index fb0309e75325..2a06b25b11da 100644
--- a/pkgs/tools/text/catdoc/default.nix
+++ b/pkgs/tools/text/catdoc/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl }:
+{ stdenv, fetchurl, fetchpatch }:
 
 stdenv.mkDerivation rec {
   name = "catdoc-${version}";
@@ -9,6 +9,13 @@ stdenv.mkDerivation rec {
     sha256 = "514a84180352b6bf367c1d2499819dfa82b60d8c45777432fa643a5ed7d80796";
   };
 
+  patches = [
+    (fetchpatch {
+      url = "https://anonscm.debian.org/git/collab-maint/catdoc.git/diff/debian/patches/05-CVE-2017-11110.patch?id=21dd5b29b11be04149587657dd90253f52dfef0b";
+      sha256 = "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73";
+    })
+  ];
+
   configureFlags = "--disable-wordview";
 
   meta = with stdenv.lib; {