diff --git a/CVE-2025-47219.patch b/CVE-2025-47219.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0907b96c84e49091e00fd7c03ea9d8da1726e180
--- /dev/null
+++ b/CVE-2025-47219.patch
@@ -0,0 +1,36 @@
+From b80803943388050cb870c95934fc52feeffb94ac Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Sat, 3 May 2025 09:43:32 +0300
+Subject: [PATCH] qtdemux: Check if enough bytes are available for each stsd
+ entry
+
+There must be at least 8 bytes for the length / fourcc of each entry. After
+reading those, the length is already validated against the remaining available
+bytes.
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4407
+Fixes CVE-2025-47219
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9137>
+---
+ subprojects/gst-plugins-good/gst/isomp4/qtdemux.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index d4385834bc40..ca858a61c5d1 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -12056,6 +12056,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak, guint32 * mvhd_matrix)
+     gchar *codec = NULL;
+     QtDemuxStreamStsdEntry *entry = &stream->stsd_entries[stsd_index];
+ 
++    /* needs at least length and fourcc */
++    if (remaining_stsd_len < 8)
++      goto corrupt_file;
++
+     /* and that entry should fit within stsd */
+     len = QT_UINT32 (stsd_entry_data);
+     if (len > remaining_stsd_len)
+-- 
+GitLab
+
diff --git a/gstreamer1-plugins-good.spec b/gstreamer1-plugins-good.spec
index ec01114ff233d2d04b3dec5761f28a47d2dd81f1..b3ecfece229420da1ca3e0c4d42d1124eb1b9836 100644
--- a/gstreamer1-plugins-good.spec
+++ b/gstreamer1-plugins-good.spec
@@ -3,7 +3,7 @@
 
 Name:           gstreamer1-plugins-good
 Version:        1.20.3
-Release:        4
+Release:        5
 Summary:        GStreamer plugins with good code and licensing
 License:        LGPLv2+
 URL:            http://gstreamer.freedesktop.org/
@@ -37,6 +37,7 @@ Patch23:        CVE-2024-47545-pre1.patch
 Patch24:        CVE-2024-47545-pre2.patch
 Patch25:        CVE-2024-47545.patch
 Patch26:        CVE-2024-47544.patch
+Patch27:        CVE-2025-47219.patch
 
 BuildRequires:  meson >= 0.48.0
 BuildRequires:  gcc
@@ -202,6 +203,9 @@ install -p -D %{SOURCE1} %{buildroot}%{_metainfodir}/gstreamer-good.appdata.xml
 %endif
 
 %changelog
+* Sat May 31 2025 Funda Wang <fundawang@yeah.net> - 1.20.3-5
+- fix CVE-2025-47219
+
 * Fri Dec 20 2024 yaoxin <yao_xin001@hoperun.com> - 1.20.3-4
 - Fix CVE-2024-47544 and CVE-2024-47545