diff --git a/pkgs/applications/graphics/dia/CVE-2019-19451.patch b/pkgs/applications/graphics/dia/CVE-2019-19451.patch
new file mode 100644
index 00000000000..28d6598330a
--- /dev/null
+++ b/pkgs/applications/graphics/dia/CVE-2019-19451.patch
@@ -0,0 +1,11 @@
+diff -ru a/app/app_procs.c b/app/app_procs.c
+--- a/app/app_procs.c	2021-01-30 11:09:52.000000000 -0500
++++ b/app/app_procs.c	2021-01-30 11:11:05.000000000 -0500
+@@ -785,6 +785,7 @@
+ 
+ 	if (!filename) {
+ 	  g_print (_("Filename conversion failed: %s\n"), filenames[i]);
++	  ++i;
+ 	  continue;
+ 	}
+ 
diff --git a/pkgs/applications/graphics/dia/default.nix b/pkgs/applications/graphics/dia/default.nix
index 6fe8aed8f67..d9de3eb7fc1 100644
--- a/pkgs/applications/graphics/dia/default.nix
+++ b/pkgs/applications/graphics/dia/default.nix
@@ -13,6 +13,10 @@ stdenv.mkDerivation {
     sha256 = "1fyxfrzdcs6blxhkw3bcgkksaf3byrsj4cbyrqgb4869k3ynap96";
   };
 
+  patches = [
+    ./CVE-2019-19451.patch
+  ];
+
   buildInputs =
     [ gtk2 libxml2 gettext python libxml2Python docbook5
       libxslt docbook_xsl libart_lgpl ]