diff --git a/CVE-2021-20302.patch b/CVE-2021-20302.patch
new file mode 100644
index 0000000000000000000000000000000000000000..39ccab3c6fb752b97733aaaf46de4a74ac7a4033
--- /dev/null
+++ b/CVE-2021-20302.patch
@@ -0,0 +1,33 @@
+diff -Naru "openexr-2.2.0 copy/IlmImf/ImfDeepScanLineInputFile.cpp" openexr-2.2.0/IlmImf/ImfDeepScanLineInputFile.cpp
+--- "openexr-2.2.0 copy/IlmImf/ImfDeepScanLineInputFile.cpp"	2022-07-06 16:43:15.752732000 +0800
++++ openexr-2.2.0/IlmImf/ImfDeepScanLineInputFile.cpp	2022-07-06 16:45:09.368817000 +0800
+@@ -717,10 +717,12 @@
+ 
+                     int width = (_ifd->maxX - _ifd->minX + 1);
+ 
++                    ptrdiff_t base = reinterpret_cast<ptrdiff_t>(&_ifd->sampleCount[0][0]);
++                    base -= sizeof(unsigned int)*_ifd->minX;
++                    base -= sizeof(unsigned int)*static_cast<ptrdiff_t>(_ifd->minY) * static_cast<ptrdiff_t>(width);
++
+                     copyIntoDeepFrameBuffer (readPtr, slice.base,
+-                                             (char*) (&_ifd->sampleCount[0][0]
+-                                                      - _ifd->minX
+-                                                      - _ifd->minY * width),
++                                             reinterpret_cast<char*>(base),
+                                              sizeof(unsigned int) * 1,
+                                              sizeof(unsigned int) * width,
+                                              y, _ifd->minX, _ifd->maxX,
+ 
+diff -Naru "openexr-2.2.0 copy/IlmImf/ImfTiledInputFile.cpp" openexr-2.2.0/IlmImf/ImfTiledInputFile.cpp
+--- "openexr-2.2.0 copy/IlmImf/ImfTiledInputFile.cpp"	2022-07-06 16:43:15.892732000 +0800
++++ openexr-2.2.0/IlmImf/ImfTiledInputFile.cpp	2022-07-06 16:50:27.438890000 +0800
+@@ -903,6 +903,9 @@
+         if (!isTiled (_data->version))
+             throw IEX_NAMESPACE::ArgExc ("Expected a tiled file but the file is not tiled.");
+         
++        if (isNonImage (_data->version))
++            throw IEX_NAMESPACE::ArgExc ("File is not a regular tiled image.");
++            
+     }
+     else
+     {
diff --git a/OpenEXR.spec b/OpenEXR.spec
index 3f02d93adfbc201c916642f6f527b500f0e653c0..849dd831215f925ec5ea91c212702457c8f8261d 100644
--- a/OpenEXR.spec
+++ b/OpenEXR.spec
@@ -1,9 +1,9 @@
 Name:           OpenEXR
 Summary:        A high dynamic-range (HDR) image file format for use in computer imaging applications
 Version:        2.2.0
-Release:        25
+Release:        26
 License:        BSD
-URL:	        http://www.openexr.com/
+URL:	          http://www.openexr.com/
 Source0:        http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
 
 Patch0000:      openexr-2.1.0-bigendian.patch
@@ -31,6 +31,7 @@ Patch0021:      CVE-2021-3605.patch
 Patch0022:      CVE-2021-20303.patch
 #https://github.com/AcademySoftwareFoundation/openexr/commit/7b11bbac18fc3c23.patch
 Patch0023:      CVE-2021-20299.patch
+Patch0024:      CVE-2021-20302.patch
 
 BuildConflicts: %{name}-devel < 2.2.0
 BuildRequires:  gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
@@ -94,6 +95,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}"
 %{_libdir}/pkgconfig/OpenEXR.pc
 
 %changelog
+* Wed Jul 6 2022 dengyuyu <yuyu.deng@epro.com.cn> - 2.2.0.26
+- fix CVE-2021-20302
+
 * Wed Mar 23 2022 yaoxin <yaoxin30@huawei.com> - 2.2.0-25
 - Fix CVE-2021-20299