diff --git a/gnu/local.mk b/gnu/local.mk
index 1a84e5b499..2286aceade 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1312,6 +1312,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/guile-rsvg-pkgconfig.patch		\
   %D%/packages/patches/guile-emacs-fix-configure.patch		\
   %D%/packages/patches/gtk2-fix-builder-test.patch		\
+  %D%/packages/patches/gtk2-harden-list-store.patch		\
   %D%/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch	\
   %D%/packages/patches/gtk2-respect-GUIX_GTK2_IM_MODULE_FILE.patch \
   %D%/packages/patches/gtk2-theme-paths.patch			\
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 8ea84dbe3c..b45c1466ef 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -897,6 +897,7 @@ (define-public gtk+-2
                 "1nn6kks1zyvb5xikr9y2k7r9bwjy1g4b0m0s66532bclymbwfamc"))
               (patches (search-patches "gtk2-respect-GUIX_GTK2_PATH.patch"
                                        "gtk2-respect-GUIX_GTK2_IM_MODULE_FILE.patch"
+                                       "gtk2-harden-list-store.patch"
                                        "gtk2-theme-paths.patch"
                                        "gtk2-fix-builder-test.patch"))))
     (build-system gnu-build-system)
diff --git a/gnu/packages/patches/gtk2-harden-list-store.patch b/gnu/packages/patches/gtk2-harden-list-store.patch
new file mode 100644
index 0000000000..f49dc3bc77
--- /dev/null
+++ b/gnu/packages/patches/gtk2-harden-list-store.patch
@@ -0,0 +1,42 @@
+Backport the implementation of gtk_list_store_iter_is_valid from gtk+-3.
+
+Index: gtk+-2.24.33/gtk/gtkliststore.c
+===================================================================
+--- gtk+-2.24.33.orig/gtk/gtkliststore.c
++++ gtk+-2.24.33/gtk/gtkliststore.c
+@@ -1195,16 +1195,31 @@ gboolean
+ gtk_list_store_iter_is_valid (GtkListStore *list_store,
+                               GtkTreeIter  *iter)
+ {
++  GSequenceIter *seq_iter;
++
+   g_return_val_if_fail (GTK_IS_LIST_STORE (list_store), FALSE);
+   g_return_val_if_fail (iter != NULL, FALSE);
+ 
+-  if (!VALID_ITER (iter, list_store))
+-    return FALSE;
++  /* can't use VALID_ITER() here, because iter might point
++   * to random memory.
++   *
++   * We MUST NOT dereference it.
++   */
+ 
+-  if (g_sequence_iter_get_sequence (iter->user_data) != list_store->seq)
++  if (iter == NULL ||
++      iter->user_data == NULL ||
++      list_store->stamp != iter->stamp)
+     return FALSE;
+ 
+-  return TRUE;
++  for (seq_iter = g_sequence_get_begin_iter (list_store->seq);
++       !g_sequence_iter_is_end (seq_iter);
++       seq_iter = g_sequence_iter_next (seq_iter))
++    {
++      if (seq_iter == iter->user_data)
++        return TRUE;
++    }
++
++  return FALSE;
+ }
+ 
+ static gboolean real_gtk_list_store_row_draggable (GtkTreeDragSource *drag_source,