diff --git a/pkgs/development/libraries/libraw/default.nix b/pkgs/development/libraries/libraw/default.nix
index 26d7616ba8f00..b03be435aac51 100644
--- a/pkgs/development/libraries/libraw/default.nix
+++ b/pkgs/development/libraries/libraw/default.nix
@@ -1,4 +1,18 @@
-{ lib, stdenv, fetchFromGitHub, autoreconfHook, lcms2, pkg-config }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchpatch
+, autoreconfHook
+, lcms2
+, pkg-config
+
+# for passthru.tests
+, deepin
+, freeimage
+, hdrmerge
+, imagemagick
+, python3
+}:
 
 stdenv.mkDerivation rec {
   pname = "libraw";
@@ -11,6 +25,14 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-K9mULf6V/TCl5Vu4iuIdSGF9HzQlgNQLRFHIpNbmAlY";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-1729.patch";
+      url = "https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93.patch";
+      hash = "sha256-OAyqphxvtSM15NI77HwtGTmTmP9YNu3xhZ6D1CceJ7I=";
+    })
+  ];
+
   outputs = [ "out" "lib" "dev" "doc" ];
 
   propagatedBuildInputs = [ lcms2 ];
@@ -19,6 +41,12 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  passthru.tests = {
+    inherit imagemagick hdrmerge freeimage;
+    inherit (deepin) deepin-image-viewer;
+    inherit (python3.pkgs) rawkit;
+  };
+
   meta = with lib; {
     description = "Library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others)";
     homepage = "https://www.libraw.org/";