diff --git a/patches/patch.2018.mp4.txt b/patches/patch.2018.mp4.txt
new file mode 100644
index 0000000..d2f9e64
--- /dev/null
+++ b/patches/patch.2018.mp4.txt
@@ -0,0 +1,16 @@
+--- src/http/modules/ngx_http_mp4_module.c
++++ src/http/modules/ngx_http_mp4_module.c
+@@ -942,6 +942,13 @@ ngx_http_mp4_read_atom(ngx_http_mp4_file
+                 atom_size = ngx_mp4_get_64value(atom_header + 8);
+                 atom_header_size = sizeof(ngx_mp4_atom_header64_t);
+ 
++                if (atom_size < sizeof(ngx_mp4_atom_header64_t)) {
++                    ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                                  "\"%s\" mp4 atom is too small:%uL",
++                                  mp4->file.name.data, atom_size);
++                    return NGX_ERROR;
++                }
++
+             } else {
+                 ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+                               "\"%s\" mp4 atom is too small:%uL",
diff --git a/util/mirror-tarballs b/util/mirror-tarballs
index 8c08c91..116fe61 100755
--- a/util/mirror-tarballs
+++ b/util/mirror-tarballs
@@ -404,6 +404,20 @@ if [ "$main_ver" = "1.13.6" ]; then
     echo
 fi
 
+answer=`$root/util/ver-ge "$main_ver" 1.14.1`
+if [ "$answer" = "N" ]; then
+    echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16845)"
+    patch -p0 < $root/patches/patch.2018.mp4.txt || exit 1
+    echo
+else
+    answer=`$root/util/ver-ge "$main_ver" 1.15.6`
+    if [ "$answer" = "N" ]; then
+        echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16845)"
+        patch -p0 < $root/patches/patch.2018.mp4.txt || exit 1
+        echo
+    fi
+fi
+
 rm -f *.patch || exit 1
 
 echo "$info_txt applying the always_enable_cc_feature_tests patch to nginx"