diff --git a/CVE-2021-40633.patch b/CVE-2021-40633.patch
new file mode 100644
index 0000000000000000000000000000000000000000..18331f540dfe8beb7b833c66380f7548156b3313
--- /dev/null
+++ b/CVE-2021-40633.patch
@@ -0,0 +1,13 @@
+diff -urN giflib-5.2.2/gif2rgb.c giflib-5.2.2-bak/gif2rgb.c
+--- giflib-5.2.2/gif2rgb.c	2024-05-14 16:06:40.098092160 +0800
++++ giflib-5.2.2-bak/gif2rgb.c	2024-05-14 15:53:42.426757251 +0800
+@@ -525,6 +525,9 @@
+ 	DumpScreen2RGB(OutFileName, OneFileFlag, ColorMap, ScreenBuffer,
+ 	               GifFile->SWidth, GifFile->SHeight);
+ 
++	for (i = 0; i < GifFile->SHeight; i++) {
++		(void)free(ScreenBuffer[i]);
++	}
+ 	(void)free(ScreenBuffer);
+ 
+ 	{
diff --git a/giflib.spec b/giflib.spec
index 944781ac0d142150724a71b032f8238b62d51319..8be09f75c6a685e00ba24f27e6f24de5cd7df7cb 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -2,7 +2,7 @@
 
 Name:          giflib
 Version:       5.2.2
-Release:       1
+Release:       2
 Summary:       A library and utilities for processing GIFs
 License:       MIT
 URL:           http://www.sourceforge.net/projects/giflib/
@@ -14,6 +14,7 @@ Patch0: 0001-Move-quantize.c-back-into-libgif.so.patch
 Patch1: 0002-Fix-several-defects-found-by-Coverity-scan.patch
 # Generate HTML docs with consistent section IDs to avoid multilib difference
 Patch2: 0003-Generate-HTML-docs-with-consistent-section-IDs-to-av.patch
+Patch3: CVE-2021-40633.patch
 
 BuildRequires: make xmlto gcc
 BuildRequires: ImageMagick
@@ -74,6 +75,9 @@ rm -f %{buildroot}/debugsourcefiles.list
 %{_bindir}/gif*
 
 %changelog
+* Tue May 14 2024 liwenjie <liwenjie@kylinos.cn> - 5.2.2-2
+- Fix CVE-2021-40633
+
 * Thu Mar 07 2024 liweigang <izmirvii@gmail.com> - 5.2.2-1
 - update to version 5.2.2