diff --git a/CVE-2023-1729.patch b/CVE-2023-1729.patch
new file mode 100644
index 0000000000000000000000000000000000000000..427b3c852c168112af58b62c48532d610435e532
--- /dev/null
+++ b/CVE-2023-1729.patch
@@ -0,0 +1,22 @@
+From 9ab70f6dca19229cb5caad7cc31af4e7501bac93 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Sat, 14 Jan 2023 18:32:59 +0300
+Subject: [PATCH] do not set shrink flag for 3/4 component images
+
+---
+ src/preprocessing/raw2image.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp
+index e65e2ad7..702cf290 100644
+--- a/src/preprocessing/raw2image.cpp
++++ b/src/preprocessing/raw2image.cpp
+@@ -43,6 +43,8 @@ void LibRaw::raw2image_start()
+ 
+   // adjust for half mode!
+   IO.shrink =
++	  !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image &&
++	  !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image &&
+       P1.filters &&
+       (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));
+ 
diff --git a/LibRaw.spec b/LibRaw.spec
index 4f09a426a7488241887eb7fd70d3599601a13def..5b90845f1ca756aec815ee42894868f42841b938 100644
--- a/LibRaw.spec
+++ b/LibRaw.spec
@@ -1,8 +1,8 @@
 Name:          LibRaw
 Version:       0.20.2
-Release:       5
+Release:       6
 Summary:       Library for reading RAW files obtained from digital photo cameras
-License:       BSD and (CDDL or LGPLv2)
+License:       BSD and (CDDL-1.0 or LGPLv2)
 URL:           http://www.libraw.org
 Source0:       http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz
 Patch0000:     prevent-buffer-overrun-in-parse_rollei.patch
@@ -10,6 +10,7 @@ Patch0001:     fix-stack-buffer-overflow-in-LibRaw_buffer_datastream_gets.patch
 Patch0002:     fix-use-of-uninitialized-value.patch
 Patch0003:     fix-use-of-uninitialized-value-in-makernotes.patch
 Patch0004:     fix-use-of-uninitialized-value-in-misc_parsers.patch
+Patch0005:     CVE-2023-1729.patch
 BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg)
 BuildRequires: autoconf automake libtool
 Provides:      bundled(dcraw) = 9.25
@@ -70,6 +71,9 @@ rm -rfv samples/.deps samples/.dirstamp samples/*.o
 %exclude %{_docdir}/libraw/*
 
 %changelog
+* Mon May 15 2023 yaoxin <yao_xin001@hoperun.com> - 0.20.2-6
+- Fix CVE-2023-1729
+
 * Fri Feb 25 2022 xu_ping <xuping33@huawei.com> - 0.20.2-5
 - fix use of uninitialized value of makernotes.cpp and misc_parsers.cpp