diff --git a/cve-fix-CVE-2023-44442.patch b/cve-fix-CVE-2023-44442.patch
new file mode 100644
index 0000000000000000000000000000000000000000..152bfb95ed33ab4481e11db611d6ab0a514b9293
--- /dev/null
+++ b/cve-fix-CVE-2023-44442.patch
@@ -0,0 +1,25 @@
+From 592d80b282f3bf09e8e4e07a2ccdb57c6a9a0a0b Mon Sep 17 00:00:00 2001
+From: zhuhongbo <zhuhongbo@uniontech.com>
+Date: Tue, 17 Dec 2024 21:44:32 +0800
+Subject: [PATCH] cve: fix CVE-2023-44442
+
+
+---
+ plug-ins/file-psd/psd-util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plug-ins/file-psd/psd-util.c b/plug-ins/file-psd/psd-util.c
+index 661d17e..9452e04 100644
+--- a/plug-ins/file-psd/psd-util.c
++++ b/plug-ins/file-psd/psd-util.c
+@@ -389,6 +389,7 @@ decode_packbits (const gchar *src,
+             {
+               IFDBG(2) g_debug ("Overrun in packbits replicate of %d chars", n - unpack_left);
+               error_code = 2;
++              break;
+             }
+           dat = *src;
+           for (; n > 0; --n)
+-- 
+2.43.0
+
diff --git a/cve-fix-CVE-2023-44444.patch b/cve-fix-CVE-2023-44444.patch
new file mode 100644
index 0000000000000000000000000000000000000000..641aa9eda8f148893bf4924f08ff71ed4212617c
--- /dev/null
+++ b/cve-fix-CVE-2023-44444.patch
@@ -0,0 +1,26 @@
+From b992bc60103d8c3bbd2aa46293c9f0e4f350114c Mon Sep 17 00:00:00 2001
+From: zhuhongbo <zhuhongbo@uniontech.com>
+Date: Tue, 17 Dec 2024 21:44:32 +0800
+Subject: [PATCH] cve: fix CVE-2023-44444
+
+
+---
+ plug-ins/common/file-psp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
+index 7c3d04b..f5c5d94 100644
+--- a/plug-ins/common/file-psp.c
++++ b/plug-ins/common/file-psp.c
+@@ -1190,7 +1190,7 @@ read_channel_data (FILE       *f,
+ 
+         q = pixels[0] + offset;
+         endq = q + npixels * bytespp;
+-        buf = g_malloc (127);
++        buf = g_malloc (128);
+         while (q < endq)
+           {
+             fread (&runcount, 1, 1, f);
+-- 
+2.43.0
+
diff --git a/gimp.spec b/gimp.spec
index 909c323b79c2ade8a28088a2266100e4761d9008..63af4dae056edb4d43a8a31b644207c8fba0e7d6 100644
--- a/gimp.spec
+++ b/gimp.spec
@@ -82,7 +82,7 @@ Summary:        GNU Image Manipulation Program
 Name:           gimp
 Epoch:          2
 Version:        2.8.22
-Release:        %{?prerelprefix}1%{dotprerel}%{dotgitrev}%{?dist}
+Release:        %{?prerelprefix}1%{dotprerel}%{dotgitrev}%{?dist}.1
 
 # Compute some version related macros.
 # Ugly, need to get quoting percent signs straight.
@@ -209,6 +209,8 @@ Patch1:         gimp-2.8.2-cm-system-monitor-profile-by-default.patch
 
 # use external help browser directly if help browser plug-in is not built
 Patch100:       gimp-2.8.6-external-help-browser.patch
+Patch101:       cve-fix-CVE-2023-44442.patch
+Patch102:       cve-fix-CVE-2023-44444.patch
 
 %description
 GIMP (GNU Image Manipulation Program) is a powerful image composition and
@@ -300,6 +302,8 @@ EOF
 %if ! %{with helpbrowser}
 %patch100 -p1 -b .external-help-browser
 %endif
+%patch101 -p1 -b .fix-CVE-2023-44442
+%patch102 -p1 -b .fix-CVE-2023-44444
 
 %build
 %if %{with hardening}
@@ -657,6 +661,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif
 
 %changelog
+* Tue Nov 19 2024 zhuhongbo <zhuhongbo@uniontech.com> - 2:2.8.22-1.1
+- cve: fix CVE-2023-44442 CVE-2023-44444
+
 * Tue Jul 18 2017 Josef Ridky <jridky@redhat.com> - 2:2.8.22-1
 - Rebase to the latest upstream release (2.8.22) - (#1210840)