diff --git a/0001-fix-cve-2021-4043.patch b/0001-fix-cve-2021-4043.patch
new file mode 100644
index 0000000000000000000000000000000000000000..897e001fd8b6ced6ee549b4b2d878ea3d8594da3
--- /dev/null
+++ b/0001-fix-cve-2021-4043.patch
@@ -0,0 +1,32 @@
+From 64a2e1b799352ac7d7aad1989bc06e7b0f2b01db Mon Sep 17 00:00:00 2001
+From: jeanlf <jeanlf@gpac.io>
+Date: Tue, 1 Feb 2022 15:28:23 +0100
+Subject: [PATCH] fixed #2092
+
+---
+ src/isomedia/box_code_base.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/isomedia/box_code_base.c b/src/isomedia/box_code_base.c
+index b3c38310a..126084b0e 100644
+--- a/src/isomedia/box_code_base.c
++++ b/src/isomedia/box_code_base.c
+@@ -11083,10 +11083,12 @@ void gitn_box_del(GF_Box *s)
+ 	u32 i;
+ 	GroupIdToNameBox *ptr = (GroupIdToNameBox *)s;
+ 	if (ptr == NULL) return;
+-	for (i=0; i<ptr->nb_entries; i++) {
+-		if (ptr->entries[i].name) gf_free(ptr->entries[i].name);
++	if (ptr->entries) {
++		for (i=0; i<ptr->nb_entries; i++) {
++			if (ptr->entries[i].name) gf_free(ptr->entries[i].name);
++		}
++		gf_free(ptr->entries);
+ 	}
+-	if (ptr->entries) gf_free(ptr->entries);
+ 	gf_free(ptr);
+ }
+ 
+-- 
+2.39.3
+
diff --git a/gpac.spec b/gpac.spec
index fc531c462e49111cf61f1ab3a5decbf3d75b82c7..607179d96b79f7241e7957bd9884e9169d94e6f3 100644
--- a/gpac.spec
+++ b/gpac.spec
@@ -9,7 +9,7 @@
 Name:        gpac
 Summary:     MPEG-4 multimedia framework
 Version:     0.8.0
-Release:     1%{?dist}
+Release:     2%{?dist}
 License:     LGPLv2+
 URL:         http://gpac.sourceforge.net/
 Source0:     https://github.com/gpac/gpac/archive/v%{version}/gpac-%{version}.tar.gz
@@ -42,6 +42,8 @@ BuildRequires:  gcc
 %{?_with_amr:BuildRequires: amrnb-devel
 BuildRequires:  amrwb-devel}
 
+Patch: 0001-fix-cve-2021-4043.patch 
+
 %description
 GPAC is a multimedia framework based on the MPEG-4 Systems standard developed
 from scratch in ANSI C.  The original development goal is to provide a clean,
@@ -174,6 +176,9 @@ rm %{buildroot}%{_includedir}/wince/errno.h
 
 
 %changelog
+* Wed Mar 12 2025 shenzl <shenzhongli@inspur.com> - 0.8.0-2
+- fix CVE-2021-4043
+
 * Tue Aug 06 2019 Sérgio Basto <sergio@serjux.com> - 0.8.0-1
 - Update GPAC to 0.8.0