diff --git a/LibRaw.spec b/LibRaw.spec
index 0c0829ade362e6e41b991d5ec5bccb366e92dc47..a34d5aa54fc6acf4da0f6c73341ec85c7a748ed3 100644
--- a/LibRaw.spec
+++ b/LibRaw.spec
@@ -1,12 +1,13 @@
 Name:          LibRaw
 Version:       0.21.1
-Release:       2
+Release:       3
 Summary:       Library for reading RAW files obtained from digital photo cameras
 License:       BSD-3-Clause and (CDDL-1.0 or  LGPL-2.1-only)
 URL:           http://www.libraw.org
 Source0:       http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz
 Patch0:        LibRaw-pkgconfig.patch
 Patch1:        CVE-2023-1729.patch
+Patch2:        backport-upstream_CVE-2025-43963.patch
 
 BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg) 
 BuildRequires: autoconf automake libtool make
@@ -65,6 +66,9 @@ rm -rfv samples/.deps samples/.dirstamp samples/*.o
 %exclude %{_docdir}/libraw/*
 
 %changelog
+* Mon Apr 21 2025 hdliu <hdliu@linx-info.com> - 0.21.1-3
+- Fix CVE-2025-43963
+
 * Mon May 15 2023 yaoxin <yao_xin001@hoperun.com> - 0.21.1-2
 - Fix CVE-2023-1729
 
diff --git a/backport-upstream_CVE-2025-43963.patch b/backport-upstream_CVE-2025-43963.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c9f2aafb7b8f1096991f1998e839500a78cbb19e
--- /dev/null
+++ b/backport-upstream_CVE-2025-43963.patch
@@ -0,0 +1,35 @@
+From 131aac64a5d52a140cb94d7619755dcf1ae12160 Mon Sep 17 00:00:00 2001
+From: hdliu <hdliu@linx-info.com>
+Date: Mon, 21 Apr 2025 13:45:05 +0800
+Subject: [PATCH] prevent out-of-buffer access in phase_one_correct()
+
+Signed-off-by: hdliu <hdliu@linx-info.com>
+---
+ src/decoders/load_mfbacks.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/decoders/load_mfbacks.cpp b/src/decoders/load_mfbacks.cpp
+index 493c785..c1c89ee 100644
+--- a/src/decoders/load_mfbacks.cpp
++++ b/src/decoders/load_mfbacks.cpp
+@@ -348,7 +348,7 @@ int LibRaw::phase_one_correct()
+           off_412 = ftell(ifp) - 38;
+         }
+       }
+-      else if (tag == 0x041f && !qlin_applied)
++      else if (tag == 0x041f && !qlin_applied && ph1.split_col > 0 && ph1.split_col < raw_width && ph1.split_row > 0 && ph1.split_row < raw_height)
+       { /* Quadrant linearization */
+         ushort lc[2][2][16], ref[16];
+         int qr, qc;
+@@ -425,7 +425,7 @@ int LibRaw::phase_one_correct()
+         }
+         qmult_applied = 1;
+       }
+-      else if (tag == 0x0431 && !qmult_applied)
++      else if (tag == 0x0431 && !qmult_applied && ph1.split_col > 0 && ph1.split_col < raw_width && ph1.split_row > 0 && ph1.split_row < raw_height)
+       { /* Quadrant combined - four tile gain calibration */
+         ushort lc[2][2][7], ref[7];
+         int qr, qc;
+-- 
+2.33.0
+