diff --git a/ChangeLog.md b/ChangeLog.md
index bd5e0d37..07b88082 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -14,6 +14,10 @@ libjpeg-turbo shared libraries.
 occurred when attempting to load a BMP file with more than 1 billion pixels using the `tjLoadImage()` function.
+3. Fixed a buffer overrun (CVE-2018-19664) that occurred when attempting to
+decompress a specially-crafted malformed JPEG image to a 256-color BMP using
+djpeg.
+
 2.0.1
 =====
diff --git a/wrbmp.c b/wrbmp.c
index 4bf81426..239f64eb 100644
--- a/wrbmp.c
+++ b/wrbmp.c
@@ -502,8 +502,9 @@ jinit_write_bmp(j_decompress_ptr cinfo, boolean is_os2,
 dest->pub.put_pixel_rows = put_gray_rows;
 else
 dest->pub.put_pixel_rows = put_pixel_rows;
- } else if (cinfo->out_color_space == JCS_RGB565 ||
- cinfo->out_color_space == JCS_CMYK) {
+ } else if (!cinfo->quantize_colors &&
+ (cinfo->out_color_space == JCS_RGB565 ||
+ cinfo->out_color_space == JCS_CMYK)) {
 dest->pub.put_pixel_rows = put_pixel_rows;
 } else {
 ERREXIT(cinfo, JERR_BMP_COLORSPACE);
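Review bot: The added `!cinfo->quantize_colors` test in the wrbmp.c `else if` has no comment explaining why quantized output is refused for `JCS_RGB565`/`JCS_CMYK`, so a later cleanup could drop it and reintroduce the overrun the ChangeLog entry attributes to CVE-2018-19664. A one-line comment above the branch would pin it, e.g. `/* Quantized output is not supported for RGB565/CMYK (CVE-2018-19664); falls through to ERREXIT below */`. The rejected combination also reports `JERR_BMP_COLORSPACE`, which presumably reads as a colorspace problem although the cause is the quantization setting, so the message text may be worth checking. The guard is evaluated once in `jinit_write_bmp`, whose body starts and ends outside this hunk, so whether `quantize_colors` can still change after this point cannot be confirmed from here.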