diff --git a/debian/changelog b/debian/changelog
index 9c06aadd11610534908a5cd640635cad85602202..474f8b88de304d27963fb7ec3731ac05511a61ad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libraw (0.19.5-ok5) yangtze; urgency=medium
+
+  * zhangce1999 CVE-2020-35531 安全更新：get_huffman_diff()函数（libraw\src\x3f\x3f_utils_patched.cpp）在从图像文件读取数据时存在越界读取漏洞。
+
+ -- zhangce <zhangce1999@bupt.edu.cn>  Thu, 16 Mar 2023 18:53:11 +0800
+
 libraw (0.19.5-ok4) yangtze; urgency=medium
 
   * hanserly132a CVE-2020-35530 安全更新：new_node()函数越界写入漏洞.
diff --git a/internal/libraw_x3f.cpp b/internal/libraw_x3f.cpp
index 019de293e47f066dd43be7a646c6a83e301c3ff2..1b386208e560e70895a9ca415b0417cfddc279d6 100644
--- a/internal/libraw_x3f.cpp
+++ b/internal/libraw_x3f.cpp
@@ -1410,6 +1410,8 @@ static void huffman_decode_row(x3f_info_t *I,
   int col;
   bit_state_t BS;
 
+  if (HUF->row_offsets.element[row] > ID->data_size - 1)
+	  throw LIBRAW_EXCEPTION_IO_CORRUPT;
   set_bit_state(&BS, (uint8_t*)ID->data + HUF->row_offsets.element[row]);
 
   for (col = 0; col < ID->columns; col++) {