diff --git a/backport-CVE-2025-0518.patch b/backport-CVE-2025-0518.patch
new file mode 100644
index 0000000000000000000000000000000000000000..94dc80754f30f63f895cecd7ef8b079f93a12cdc
--- /dev/null
+++ b/backport-CVE-2025-0518.patch
@@ -0,0 +1,29 @@
+From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon, 6 Jan 2025 22:01:39 +0100
+Subject: [PATCH] avfilter/af_pan: Fix sscanf() use
+
+Fixes: Memory Data Leak
+
+Found-by: Simcha Kosman <simcha.kosman@cyberark.com>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavfilter/af_pan.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
+index 34e522c..7020360 100644
+--- a/libavfilter/af_pan.c
++++ b/libavfilter/af_pan.c
+@@ -178,7 +178,7 @@ static av_cold int init(AVFilterContext *ctx)
+         sign = 1;
+         while (1) {
+             gain = 1;
+-            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len))
++	    if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1)
+                 arg += len;
+             if (parse_channel_name(&arg, &in_ch_id, &named)){
+                 av_log(ctx, AV_LOG_ERROR,
+-- 
+2.46.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index d4213b207c6143066e959f903949e7c5c4ed6f80..4a6f281b4ed585aa890d16353f22b75ffcdc7ffb 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -60,7 +60,7 @@
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        4.2.4
-Release:        22
+Release:        23
 License:        %{ffmpeg_license}
 URL:            http://ffmpeg.org/
 %if 0%{?date}
@@ -94,6 +94,7 @@ Patch22:        backport-CVE-2024-36616.patch
 Patch23:        backport-CVE-2024-36618.patch
 Patch24:        backport-CVE-2024-36617.patch
 Patch25:        backport-CVE-2024-36613.patch
+Patch26:        backport-CVE-2025-0518.patch
 
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@@ -427,6 +428,12 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 
 
 %changelog
+* Fri Jan 17 2025 changtao <changtao@kylinos.cn> - 4.2.4-23
+- Type: CVE
+- CVE: CVE-2025-0518
+- SUG: NA
+- DESC: fix CVE-2025-0518
+
 * Sun Jan 5 2025 changtao <changtao@kylinos.cn> - 4.2.4-22
 - Type: CVE
 - CVE: CVE-2024-36613