diff --git a/pkgs/development/libraries/libwebp/default.nix b/pkgs/development/libraries/libwebp/default.nix
index dff7abc7dd5..65fa55a787e 100644
--- a/pkgs/development/libraries/libwebp/default.nix
+++ b/pkgs/development/libraries/libwebp/default.nix
@@ -1,4 +1,5 @@
 { lib, stdenv, fetchFromGitHub, autoreconfHook, libtool
+, fetchpatch
 , threadingSupport ? true # multi-threading
 , openglSupport ? false, freeglut, libGL, libGLU # OpenGL (required for vwebp)
 , pngSupport ? true, libpng # PNG image format
@@ -36,6 +37,15 @@ stdenv.mkDerivation rec {
     hash   = "sha256-nhXkq+qKpaa75YQB/W/cRozslTIFPdXeqj1y6emQeHk=";
   };
 
+  patches = [
+    # https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#MFSA-TMP-2023-0001
+    (fetchpatch {
+      url = "https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129.patch";
+      name = "fix-msfa-tmp-2023-0001.patch";
+      hash = "sha256-TRKXpNkYVzftBw09mX+WeQRhRoOzBgXFTNZBzSdCKvc=";
+    })
+  ];
+
   configureFlags = [
     (lib.enableFeature threadingSupport "threading")
     (lib.enableFeature openglSupport "gl")