diff --git a/pkgs/development/libraries/libarchive/default.nix b/pkgs/development/libraries/libarchive/default.nix
index 029be971ac17..f2a1c500a8be 100644
--- a/pkgs/development/libraries/libarchive/default.nix
+++ b/pkgs/development/libraries/libarchive/default.nix
@@ -17,6 +17,21 @@ stdenv.mkDerivation rec {
     sha256 = "0bhfncid058p7n1n8v29l6wxm3mhdqfassscihbsxfwz3iwb2zms";
   };
 
+  patches = [
+    (fetchpatch {
+      # details: https://github.com/libarchive/libarchive/pull/1105
+      name = "cve-2018-1000877.diff"; # CVE-2018-1000877..80
+      url = "https://github.com/libarchive/libarchive/pull/1105.diff";
+      sha256 = "0mxcawfdy9m40mykzwhkl39a6vnh4ypgy0ipcz74qm4bi72x0gyf";
+    })
+    (fetchpatch {
+      # details: https://github.com/libarchive/libarchive/pull/1120
+      name = "cve-2019-1000019_cve-2019-1000020.diff";
+      url = "https://github.com/libarchive/libarchive/pull/1120.diff";
+      sha256 = "1mgx92v8hm7hw9j34nbfriqfkxshh3cy25rhavr7kl7lz4x5a6g4";
+    })
+  ];
+
   outputs = [ "out" "lib" "dev" ];
 
   nativeBuildInputs = [ pkgconfig ];