diff --git a/backport-CVE-2025-0518.patch b/backport-CVE-2025-0518.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5a8e36e3de892dd49295dcf8339cf21cbd3df23b
--- /dev/null
+++ b/backport-CVE-2025-0518.patch
@@ -0,0 +1,29 @@
+From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon, 6 Jan 2025 22:01:39 +0100
+Subject: [PATCH] avfilter/af_pan: Fix sscanf() use
+
+Fixes: Memory Data Leak
+
+Found-by: Simcha Kosman <simcha.kosman@cyberark.com>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavfilter/af_pan.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
+index cfed9f1..fd5b836 100644
+--- a/libavfilter/af_pan.c
++++ b/libavfilter/af_pan.c
+@@ -165,7 +165,7 @@ static av_cold int init(AVFilterContext *ctx)
+         sign = 1;
+         while (1) {
+             gain = 1;
+-            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len))
++	    if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1)
+                 arg += len;
+             if (parse_channel_name(&arg, &in_ch_id, &named)){
+                 av_log(ctx, AV_LOG_ERROR,
+-- 
+2.46.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index 83592a75b01a2ff465bf95c69df05f21bd3d98a0..82b5d01799b1a950eab0ad0cb2749a535cc3b210 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -62,7 +62,7 @@
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        6.1.1
-Release:        20
+Release:        21
 License:        GPL-3.0-or-later
 URL:            http://ffmpeg.org/
 Source0:        http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@@ -88,6 +88,7 @@ Patch17:        backport-CVE-2024-36619.patch
 Patch18:        backport-CVE-2024-35369.patch
 Patch19:        backport-CVE-2024-36613.patch
 Patch20:        backport-CVE-2024-35365.patch
+Patch21:        backport-CVE-2025-0518.patch
 
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@@ -417,6 +418,12 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 
 
 %changelog
+* Fri Jan 17 2025 changtao <changtao@kylinos.cn> - 6.1.1-21
+- Type: CVE
+- CVE: CVE-2025-0518
+- SUG: NA
+- DESC: fix CVE-2025-0518
+
 * Mon Jan 13 2025 changtao <changtao@kylinos.cn> - 6.1.1-20
 - Type: CVE
 - CVE: CVE-2024-35365