diff --git a/backport-CVE-2024-36613.patch b/backport-CVE-2024-36613.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d62454e4cd6e3f56a9d571f2139503289f63ca3c
--- /dev/null
+++ b/backport-CVE-2024-36613.patch
@@ -0,0 +1,36 @@
+From 1f6fcc64179377114b4ecc3b9f63bd5774a64edf Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 30 Sep 2023 00:51:29 +0200
+Subject: [PATCH] avformat/dxa: Adjust order of operations around block
+align
+
+Fixes:
+51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464
+Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in
+type 'int'
+
+Found-by: continuous fuzzing process
+https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+(cherry picked from commit 50d8e4f27398fd5778485a827d7a2817921f8540)
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavformat/dxa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavformat/dxa.c b/libavformat/dxa.c
+index 298cda0..e46c9b0 100644
+--- a/libavformat/dxa.c
++++ b/libavformat/dxa.c
+@@ -120,7 +120,7 @@ static int dxa_read_header(AVFormatContext *s)
+         }
+         c->bpc = (fsize + c->frames - 1) / c->frames;
+         if(ast->codecpar->block_align)
+-            c->bpc = ((c->bpc + ast->codecpar->block_align - 1) / ast->codecpar->block_align) * ast->codecpar->block_align;
++	    c->bpc = ((c->bpc - 1 + ast->codecpar->block_align) / ast->codecpar->block_align) * ast->codecpar->block_align;
+         c->bytes_left = fsize;
+         c->wavpos = avio_tell(pb);
+         avio_seek(pb, c->vidpos, SEEK_SET);
+-- 
+2.41.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index 0e5d4edc19262b4563ae30aa153d026b18a27b65..d4213b207c6143066e959f903949e7c5c4ed6f80 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -60,7 +60,7 @@
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        4.2.4
-Release:        21
+Release:        22
 License:        %{ffmpeg_license}
 URL:            http://ffmpeg.org/
 %if 0%{?date}
@@ -93,6 +93,7 @@ Patch21:        backport-CVE-2024-35368.patch
 Patch22:        backport-CVE-2024-36616.patch
 Patch23:        backport-CVE-2024-36618.patch
 Patch24:        backport-CVE-2024-36617.patch
+Patch25:        backport-CVE-2024-36613.patch
 
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@@ -426,6 +427,12 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 
 
 %changelog
+* Sun Jan 5 2025 changtao <changtao@kylinos.cn> - 4.2.4-22
+- Type: CVE
+- CVE: CVE-2024-36613
+- SUG: NA
+- DESC: fix CVE-2024-36613
+
 * Fri Dec 13 2024 liningjie <liningjie@xfusion.com> - 4.2.4-21
 - fix CVE-2024-36617 CVE-2024-36618