diff --git a/CVE-2020-35964.patch b/CVE-2020-35964.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5d7f3b283e8f546e5f101d150bcc2bc437151d76
--- /dev/null
+++ b/CVE-2020-35964.patch
@@ -0,0 +1,68 @@
+diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vividas.c
+--- ffmpeg-4.2.4/libavformat/vividas.c 2022-05-20 16:21:19.420882000 +0800
++++ ffmpeg-4.2.4-new/libavformat/vividas.c 2022-05-23 14:27:05.231650000 +0800
+@@ -27,7 +27,7 @@
+ * @author Andrzej Szombierski [qq at kuku eu org] (2010-07)
+ * @sa http://wiki.multimedia.cx/index.php?title=Vividas_VIV
+ */
+-
++#include "libavutil/avassert.h"
+ #include "libavutil/intreadwrite.h"
+ #include "avio_internal.h"
+ #include "avformat.h"
+@@ -278,7 +278,7 @@
+ 
+ static int track_header(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *buf, int size)
+ {
+- int i,j;
++ int i, j, ret;
+ int64_t off;
+ int val_1;
+ int num_video;
+@@ -372,7 +372,7 @@
+ 
+ if (avio_tell(pb) < off) {
+ int num_data;
+- int xd_size = 0;
++ int xd_size = 1;
+ int data_len[256];
+ int offset = 1;
+ uint8_t *p;
+@@ -387,24 +387,19 @@
+ return AVERROR_INVALIDDATA;
+ }
+ data_len[j] = len;
+- xd_size += len;
++ xd_size += len + 1 + len/255;
+ }
+ 
+- st->codecpar->extradata_size = 64 + xd_size + xd_size / 255;
+- if (ff_alloc_extradata(st->codecpar, st->codecpar->extradata_size)) {
+- av_free(pb);
+- return AVERROR(ENOMEM);
+- }
++ ret = ff_alloc_extradata(st->codecpar, xd_size);
++ if (ret < 0)
++ return ret;
+ 
+ p = st->codecpar->extradata;
+ p[0] = 2;
+ 
+ for (j = 0; j < num_data - 1; j++) {
+ unsigned delta = av_xiphlacing(&p[offset], data_len[j]);
+- if (delta > data_len[j]) {
+- av_free(pb);
+- return AVERROR_INVALIDDATA;
+- }
++ av_assert0(delta <= xd_size - offset);
+ offset += delta;
+ }
+ 
+@@ -415,6 +410,7 @@
+ av_freep(&st->codecpar->extradata);
+ break;
+ }
++ av_assert0(data_len[j] <= xd_size - offset);
+ offset += data_len[j];
+ }
+ 
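Review bot: The new allocation-failure path in the `@@ -387,24 +387,19 @@` hunk of vividas.c returns without releasing `pb`: the removed lines called `av_free(pb)` before both early returns, while the added `if (ret < 0) return ret;` does not. The allocation of `pb` is outside the hunks, so confirm it is still heap-allocated in this 4.2.4 tree; if it is, the backport leaks the I/O context on every failed `ff_alloc_extradata()` and the check should stay `if (ret < 0) { av_free(pb); return ret; }`. The two `av_assert0()` checks abort the process instead of returning `AVERROR_INVALIDDATA`, so they are only safe while the new `xd_size` arithmetic bounds every write. A one-line comment above `xd_size += len + 1 + len/255;` stating that invariant (payload plus worst-case Xiph lacing bytes per entry) would make that dependency explicit. track_header's body starts and ends outside the hunks shown.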
diff --git a/CVE-2021-38114.patch b/CVE-2021-38114.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ed1e3bec389f0d7cd05fbbd7dd37905a58412d11
--- /dev/null
+++ b/CVE-2021-38114.patch
@@ -0,0 +1,45 @@
+diff -Naru ffmpeg-4.2.4/libavcodec/dnxhddec.c ffmpeg-4.2.4-new/libavcodec/dnxhddec.c
+--- ffmpeg-4.2.4/libavcodec/dnxhddec.c 2022-05-20 16:21:12.890882000 +0800
++++ ffmpeg-4.2.4-new/libavcodec/dnxhddec.c 2022-05-20 16:47:00.416516000 +0800
+@@ -111,6 +111,7 @@
+ 
+ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
+ {
++ int ret;
+ if (cid != ctx->cid) {
+ int index;
+ 
+@@ -130,19 +131,26 @@
+ ff_free_vlc(&ctx->dc_vlc);
+ ff_free_vlc(&ctx->run_vlc);
+ 
+- init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
++ if ((ret = init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
+ ctx->cid_table->ac_bits, 1, 1,
+- ctx->cid_table->ac_codes, 2, 2, 0);
+- init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
++ ctx->cid_table->ac_codes, 2, 2, 0)) < 0)
++ goto out;
++ if ((ret = init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
+ ctx->cid_table->dc_bits, 1, 1,
+- ctx->cid_table->dc_codes, 1, 1, 0);
+- init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
++ ctx->cid_table->dc_codes, 1, 1, 0)) < 0)
++ goto out;
++ if ((ret = init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
+ ctx->cid_table->run_bits, 1, 1,
+- ctx->cid_table->run_codes, 2, 2, 0);
++ ctx->cid_table->run_codes, 2, 2, 0)) < 0)
++ goto out;
+ 
+ ctx->cid = cid;
+ }
+- return 0;
++ ret = 0;
++out:
++ if (ret < 0)
++ av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n");
++ return ret;
+ }
+ 
+ static av_cold int dnxhd_decode_init_thread_copy(AVCodecContext *avctx)
diff --git a/ffmpeg.spec b/ffmpeg.spec
index a62db6da0e89a93f707ab1b4d4b4740aa7356943..c378cd2000b08affc966430d1cba383fff3aa6f3 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
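Review bot: On the new `out:` failure path in dnxhddec.c, `ctx->cid` still holds the previous profile id although the three VLC tables were already released by the `ff_free_vlc()` calls above and at best partly rebuilt. If a later call passes that previous cid, the `cid != ctx->cid` test would skip re-initialisation and decoding would continue with freed or mismatched tables; the caller is not visible here, so this is inferred. Invalidating the cached id on failure closes that gap, e.g. `ctx->cid = -1;` inside the `if (ret < 0)` branch, assuming -1 is the "no table loaded" value the decoder starts with (confirm against the init function). The middle of dnxhd_init_vlc lies between the two inner hunks and is not shown.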
@@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
 Summary: Digital VCR and streaming server
 Name: ffmpeg%{?flavor}
 Version: 4.2.4
-Release: 3
+Release: 4
 License: %{ffmpeg_license}
 URL: http://ffmpeg.org/
 %if 0%{?date}
@@ -73,6 +73,8 @@ Patch0: fix_ppc_build.patch
 Patch1: fix-vmaf-model-path.patch
 Patch2: CVE-2021-3566.patch
 Patch3: CVE-2021-38291.patch
+Patch4: CVE-2021-38114.patch
+Patch5: CVE-2020-35964.patch
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
 %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@@ -405,6 +407,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 %changelog
+* Mon May 23 2022 yangweidong - 4.2.4-4
+- Fix CVE-2021-38114 and CVE-2020-35964
+
 * Sat Sep 04 2021 guoxiaoqi - 4.2.4-3
 - Fix CVE-2021-3566 and CVE-2021-38291