diff --git a/CVE-2025-50949.patch b/CVE-2025-50949.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9af06f8174d4bafe8d64075b183bceff30685d6a
--- /dev/null
+++ b/CVE-2025-50949.patch
@@ -0,0 +1,31 @@
+From 701e4d7569d6bd777704ab3364d7d1c519d89a91 Mon Sep 17 00:00:00 2001
+From: zhailiangliang <zhailiangliang@loongson.cn>
+Date: Mon, 4 Nov 2024 08:56:07 +0000
+Subject: [PATCH] fix memleak in function DlgCreate8
+
+---
+ gdraw/gaskdlg.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/gdraw/gaskdlg.c b/gdraw/gaskdlg.c
+index 3563361796..8178be14c8 100644
+--- a/gdraw/gaskdlg.c
++++ b/gdraw/gaskdlg.c
+@@ -209,12 +209,13 @@ static GWindow DlgCreate8(const char *title,const char *question,va_list ap,
+     extern GBox _GGadget_defaultbutton_box;
+ 
+     if ( d!=NULL )
+-	memset(d,0,sizeof(*d));
++        memset(d,0,sizeof(*d));
+     buf = vsmprintf(question, ap);
+     if ( screen_display==NULL ) {
+-	fprintf(stderr, "%s\n", buf );
+-	if ( d!=NULL ) d->done = true;
+-return( NULL );
++        fprintf(stderr, "%s\n", buf);
++        if ( d!=NULL ) d->done = true;
++        free(buf);
++        return( NULL );
+     }
+     ubuf = utf82u_copy(buf);
+     free(buf);
diff --git a/fontforge.spec b/fontforge.spec
index 174ab2bf74e91a030eca2c5b37d3dba2d50e2f85..000bc44827f898751c6b80051e6c83ead77c74ce 100644
--- a/fontforge.spec
+++ b/fontforge.spec
@@ -3,7 +3,7 @@
 
 Name:           fontforge
 Version:        20230101
-Release:        3
+Release:        4
 Summary:        Outline and bitmap font editor
 License:        GPLv3+
 URL:            http://fontforge.github.io/
@@ -11,6 +11,7 @@ Source0:        https://github.com/fontforge/%{name}/archive/%{gittag0}.tar.gz#/
 Patch0:         Fix-errors-in-French-and-Italian-translations.patch
 # https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429
 Patch1:         CVE-2024-25081_CVE-2024-25082.patch
+Patch2:         CVE-2025-50949.patch
 
 Requires:       xdg-utils potrace hicolor-icon-theme
 BuildRequires:  gcc-c++ cmake libjpeg-devel libtiff-devel libpng-devel giflib-devel libxml2-devel
@@ -109,6 +110,9 @@ popd
 %{_mandir}/man1/*.1*
 
 %changelog
+* Fri Oct 24 2025 yujingbo <yujingbo@kylinos.cn> - 20230101-4
+- Fix CVE-2025-50949
+
 * Tue Feb 27 2024 yaoxin <yao_xin001@hoperun.com> - 20230101-3
 - Fix CVE-2024-25081 and CVE-2024-25082