diff --git a/ffmpeg.spec b/ffmpeg.spec index 2b328b9dcc668ae81e195a65628050bff542d1f4..56fd6fdad1cfde0859b2832a35a91985561bd085 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -62,7 +62,7 @@ Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 6.1.1 -Release: 22 +Release: 23 License: GPL-3.0-or-later URL: http://ffmpeg.org/ Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz @@ -89,6 +89,7 @@ Patch18: backport-CVE-2024-35369.patch Patch19: backport-CVE-2024-36613.patch Patch20: CVE-2025-25473.patch Patch21: backport-CVE-2024-35365.patch +Patch22: fix-CVE-2025-22919-CVE-2025-22921.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} @@ -421,6 +422,8 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog +* Tue Jul 2025 happyworker <208suo@208suo.com> - 6.1.1-23 +- fix CVE-2025-22919-CVE-2025-22921 * Tue Apr 22 2025 changtao - 6.1.1-22 - fix CVE-2024-35365 diff --git a/fix-CVE-2025-22919-CVE-2025-22921.patch b/fix-CVE-2025-22919-CVE-2025-22921.patch new file mode 100644 index 0000000000000000000000000000000000000000..5f8ccd0301082afe5be09a51acff6e71bd220599 --- /dev/null +++ b/fix-CVE-2025-22919-CVE-2025-22921.patch 
@@ -0,0 +1,43 @@
+From b3e1202545981ae8c0a05fad09bb2650f7bc061c Mon Sep 17 00:00:00 2001
+From: James Almer
+Date: Tue, 8 Jul 2025 15:13:17 +0800
+Subject: [PATCH] avfilter/buffersrc: check for valid sample rate
+
+---
+ libavcodec/jpeg2000dec.c | 1 +
+ libavfilter/buffersrc.c | 7 +++++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
+index 691cfbd..b56902c 100644
+--- a/libavcodec/jpeg2000dec.c
++++ b/libavcodec/jpeg2000dec.c
+@@ -1223,6 +1223,7 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile,
+ }
+ }
+ av_freep(&cblk->lengthinc);
++ cblk->nb_lengthinc = 0;
+ }
+ }
+ // Save state of stream
+diff --git a/libavfilter/buffersrc.c b/libavfilter/buffersrc.c
+index 453fc0f..32c29e9 100644
+--- a/libavfilter/buffersrc.c
++++ b/libavfilter/buffersrc.c
+@@ -401,6 +401,13 @@ FF_ENABLE_DEPRECATION_WARNINGS
+ av_channel_layout_describe(&s->ch_layout, buf, sizeof(buf));
+ }
+
++ if (s->sample_rate <= 0) {
++ av_log(ctx, AV_LOG_ERROR, "Sample rate not set\n");
++ return AVERROR(EINVAL);
++ }
++
++
++
+ if (!s->time_base.num)
+ s->time_base = (AVRational){1, s->sample_rate};
+
+--
+2.43.0
+
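Review bot: The added patch file is titled `avfilter/buffersrc: check for valid sample rate` yet it also changes `libavcodec/jpeg2000dec.c`, so the `cblk->nb_lengthinc = 0;` reset after `av_freep(&cblk->lengthinc)` is undocumented, and nothing in the header says which of the two CVEs in the file name each change addresses. The message body is empty and cites no upstream commit, which makes the backport hard to audit against upstream. I would split it into one patch per CVE, each with a one-sentence description and a line such as `Reference: <upstream commit URL>`. In the buffersrc hunk the three empty added lines after the closing brace of the `s->sample_rate <= 0` check can be reduced to one. Both inner hunks begin and end inside functions whose bodies are not visible here, so the placement of the new lines relative to the surrounding branches cannot be confirmed from this page.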