diff --git a/backport-CVE-2025-6199.patch b/backport-CVE-2025-6199.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8e944faae5a40946400369f3209fae25bc0c8ff5
--- /dev/null
+++ b/backport-CVE-2025-6199.patch
@@ -0,0 +1,30 @@
+From c4986342b241cdc075259565f3fa7a7597d32a32 Mon Sep 17 00:00:00 2001
+From: lumi
+Date: Sat, 7 Jun 2025 22:27:06 +0200
+Subject: [PATCH] lzw: Fix reporting of bytes written in decoder
+
+When the LZW decoder encounters an invalid code, it stops
+processing the image and returns the whole buffer size.
+It should return the amount of bytes written, instead.
+
+Fixes #257
+---
+ gdk-pixbuf/lzw.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c
+index 1529356..4f3dd8b 100644
+--- a/gdk-pixbuf/lzw.c
++++ b/gdk-pixbuf/lzw.c
+@@ -208,7 +208,7 @@ lzw_decoder_feed (LZWDecoder *self,
+ /* Invalid code received - just stop here */
+ if (self->code >= self->code_table_size) {
+ self->last_code = self->eoi_code;
+- return output_length;
++ return n_written;
+ }
+
+ /* Convert codeword into indexes */
+--
+GitLab
+
diff --git a/gdk-pixbuf2.spec b/gdk-pixbuf2.spec
index 5e6c6cd2949b953520736f921584416981ce87a0..1008dddfcb28e47150be6feab15334a7dd3d45b0 100644
--- a/gdk-pixbuf2.spec
+++ b/gdk-pixbuf2.spec
@@ -1,6 +1,6 @@
 Name: gdk-pixbuf2
 Version: 2.40.0
-Release: 6
+Release: 7
 Summary: gdk is a multi-platform toolkit for creating graphical user interfaces.
 License: LGPLv2+
@@ -13,6 +13,7 @@ Patch0002: backport-CVE-2020-29385.patch
 Patch0003: backport-CVE-2021-46829.patch
 Patch0004: backport-CVE-2021-44648.patch
 Patch0005: backport-CVE-2022-48622.patch
+Patch0006: backport-CVE-2025-6199.patch
 BuildRequires: gettext gtk-doc pkgconfig(gio-2.0) >= 2.48.0 libpng-devel libjpeg-devel libtiff-devel shared-mime-info
 BuildRequires: meson pkgconfig(x11) pkgconfig(gobject-introspection-1.0) >= 0.9.3 gobject-introspection-devel libxslt gdb
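Review bot: The header of backport-CVE-2025-6199.patch identifies the fix only by `Fixes #257`, an upstream issue number that does not resolve in this repository, and it never names the CVE. I would add a provenance line under the description, such as `Reference: <upstream commit URL for c4986342b241cdc075259565f3fa7a7597d32a32>`, plus `CVE-2025-6199`, so the backport can be audited against upstream. In the embedded lzw.c hunk, the invalid-code branch now returns `n_written`, which leaves the remainder of the output buffer unwritten. The fix is therefore only effective if the caller in this 2.40.0 tree bounds its reads by the returned count. That caller and the rest of lzw_decoder_feed lie outside the hunk and should be compared with the upstream tree the patch was written for.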
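Review bot: Nothing in this diff shows the new `Patch0006: backport-CVE-2025-6199.patch` actually being applied; the hunk at line 13 adds only the declaration, and `%prep` is outside the hunks shown. If `%prep` uses `%autosetup` or `%autopatch` this is fine, but if it applies patches one by one, a matching `%patch` entry for 0006 is needed. Without it the package would ship as 2.40.0-7 with a changelog claiming the CVE fix while lzw.c is unchanged. Confirming in the build log that the patch is applied would settle it.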
@@ -108,6 +109,9 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
 %{_mandir}/man1/gdk-pixbuf-csource.1*
 %changelog
+* Wed Jun 18 2025 Funda Wang - 2.40.0-7
+- fix CVE-2025-6199
+
 * Fri Sep 13 2024 zhangpan - 2.40.0-6
 - fix CVE-2022-48622