diff --git a/CVE-2023-37328.patch b/CVE-2023-37328.patch
new file mode 100644
index 0000000000000000000000000000000000000000..56778e644c4fa9d7237b12794db80ae8acc10b9c
--- /dev/null
+++ b/CVE-2023-37328.patch
@@ -0,0 +1,25 @@
+From 18b887d30a81deadd600017265cb61f5d0e1bea0 Mon Sep 17 00:00:00 2001
+From: technology208 <technology@208suo.com>
+Date: Thu, 14 Mar 2024 15:54:38 +0800
+Subject: [PATCH] Create Patch
+
+---
+ gst/subparse/gstsubparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
+index 4254158..e8d3eca 100644
+--- a/gst/subparse/gstsubparse.c
++++ b/gst/subparse/gstsubparse.c
+@@ -814,7 +814,7 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
+     }
+ 
+     if (*next_tag == '<' && *(next_tag + 1) == '/') {
+-      end_tag = strchr (cur, '>');
++      end_tag = strchr (next_tag, '>');
+       if (end_tag) {
+         const gchar *last = NULL;
+         if (num_open_tags > 0)
+-- 
+2.33.0
+
diff --git a/gstreamer1-plugins-base.spec b/gstreamer1-plugins-base.spec
index 80d3c5abe8ec28dc3edf6a6f077d2783a726a18a..33caf9c4b70e49342a4ffc1bd0e406896ee006f2 100644
--- a/gstreamer1-plugins-base.spec
+++ b/gstreamer1-plugins-base.spec
@@ -3,7 +3,7 @@
 
 Name:            gstreamer1-plugins-base
 Version:         1.16.2
-Release:         2
+Release:         3
 Summary:         GStreamer streaming media framework base plugins
 License:         LGPLv2+
 URL:             http://gstreamer.freedesktop.org/
@@ -11,7 +11,7 @@ Source0:         http://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugi
 
 Patch0:         0001-missing-plugins-Remove-the-mpegaudioversion-field.patch
 Patch1:         Adapt-to-backwards-incompatible-change-in-GUN.patch
-
+Patch2:         CVE-2023-37328.patch
 Patch6000:      backport-CVE-2021-3522.patch
 
 BuildRequires:  gcc-c++ gstreamer1-devel >= %{version} gobject-introspection-devel >= 1.31.1 iso-codes-devel alsa-lib-devel
@@ -52,6 +52,7 @@ This package provides manual for developpers.
 %patch0 -p1
 %patch1 -p1
 %patch6000 -p1
+%patch2 -p1
 
 %build
 NOCONFIGURE=1 \
@@ -273,6 +274,9 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -fv {} ';'
 %{_mandir}/man1/gst-device-monitor-*.gz
 
 %changelog
+* Fri Mar 15 2024 technology208 <technology@208suo.com> - 1.16.2-3
+- fix CVE-2023-37328
+
 * Fri Mar 18 2022 dongyuzhen <dongyuzhen@h-partners.com> - 1.16.2-2
 - fix CVE-2021-3522