diff --git a/backport-CVE-2025-7545.patch b/backport-CVE-2025-7545.patch
new file mode 100644
index 0000000000000000000000000000000000000000..aff415803fc8225ee3d62defe00c8b1ca8acd50a
--- /dev/null
+++ b/backport-CVE-2025-7545.patch
@@ -0,0 +1,44 @@
+From 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Sat, 21 Jun 2025 06:36:56 +0800
+Subject: [PATCH] objcopy: Don't extend the output section size
+
+Since the output section contents are copied from the input, don't
+extend the output section size beyond the input section size.
+
+	PR binutils/33049
+	* objcopy.c (copy_section): Don't extend the output section
+	size beyond the input section size.
+
+Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
+---
+ binutils/objcopy.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/binutils/objcopy.c b/binutils/objcopy.c
+index 366e1079d82..2e98ba44c01 100644
+--- a/binutils/objcopy.c
++++ b/binutils/objcopy.c
+@@ -4514,6 +4514,7 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg)
+ 	  char *to = (char *) memhunk;
+ 	  char *end = (char *) memhunk + size;
+ 	  int i;
++	  bfd_size_type memhunk_size = size;
+ 
+ 	  /* If the section address is not exactly divisible by the interleave,
+ 	     then we must bias the from address.  If the copy_byte is less than
+@@ -4533,6 +4534,11 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg)
+ 	      }
+ 
+ 	  size = (size + interleave - 1 - copy_byte) / interleave * copy_width;
++
++	  /* Don't extend the output section size.  */
++	  if (size > memhunk_size)
++	    size = memhunk_size;
++
+ 	  osection->lma /= interleave;
+ 	  if (copy_byte < extra)
+ 	    osection->lma++;
+-- 
+2.43.7
+
diff --git a/binutils.spec b/binutils.spec
index a0669798827408e82f11c52f9ba1f3e206b7e470..c4aed6d1a4fe55eb57de8caf1d605469ceb27808 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -2,7 +2,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?_with_debug:-debug}
 Version: 2.41
-Release: 16
+Release: 17
 License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later
 URL: https://sourceware.org/binutils
 
@@ -370,6 +370,9 @@ Patch5011: backport-CVE-2025-0840.patch
 # Lifetime: fixed in master
 Patch5012: backport-CVE-2025-3198.patch
 
+# Lifetime: fixed in 2.41
+Patch5013: backport-CVE-2025-7545.patch
+
 #----------------------------------------------------------------------------
 
 Patch6001: aarch64-add-l4-instruction.patch
@@ -1386,6 +1389,9 @@ exit 0
 
 #----------------------------------------------------------------------------
 %changelog
+* Thu Jul 24 2025 Huanyu Li <lihuanyu@cqsoftware.com.cn> -2.41-17
+- Fix CVE-2025-7545: heap-based buffer overflow in objcopy
+
 * Thu May 22 2025 Linux_zhang <zhangruifang@h-partners.com> - 2.41-16
 - Fix CVE-2025-3198: Memory leak issue in objdump