diff --git a/CVE-2025-47219.patch b/CVE-2025-47219.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0907b96c84e49091e00fd7c03ea9d8da1726e180
--- /dev/null
+++ b/CVE-2025-47219.patch
@@ -0,0 +1,36 @@
+From b80803943388050cb870c95934fc52feeffb94ac Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
+Date: Sat, 3 May 2025 09:43:32 +0300
+Subject: [PATCH] qtdemux: Check if enough bytes are available for each stsd
+ entry
+
+There must be at least 8 bytes for the length / fourcc of each entry. After
+reading those, the length is already validated against the remaining available
+bytes.
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4407
+Fixes CVE-2025-47219
+
+Part-of:
+---
+ subprojects/gst-plugins-good/gst/isomp4/qtdemux.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index d4385834bc40..ca858a61c5d1 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -12056,6 +12056,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak, guint32 * mvhd_matrix)
+ gchar *codec = NULL;
+ QtDemuxStreamStsdEntry *entry = &stream->stsd_entries[stsd_index];
+
++ /* needs at least length and fourcc */
++ if (remaining_stsd_len < 8)
++ goto corrupt_file;
++
+ /* and that entry should fit within stsd */
+ len = QT_UINT32 (stsd_entry_data);
+ if (len > remaining_stsd_len)
+--
+GitLab
+
diff --git a/gstreamer1-plugins-good.spec b/gstreamer1-plugins-good.spec
index 9072135bfaf657df3e3de67eff762bfef981f1a8..7c3befdb74e911be298a4ef4ccd23bfe4e30160f 100644
--- a/gstreamer1-plugins-good.spec
+++ b/gstreamer1-plugins-good.spec
@@ -3,7 +3,7 @@
 
 Name: gstreamer1-plugins-good
 Version: 1.16.2
-Release: 9
+Release: 10
 Summary: GStreamer plugins with good code and licensing
 License: LGPLv2+
 URL: http://gstreamer.freedesktop.org/
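Review bot: The `remaining_stsd_len < 8` guard added in the qtdemux.c hunk of CVE-2025-47219.patch bounds the bytes available for the entry header, but an entry whose own `len` field is below 8 still passes both this check and the existing `len > remaining_stsd_len` test. qtdemux_parse_trak starts and ends outside the hunk, so it is not visible whether the 1.16.2 code further down rejects such a short entry before reading past its declared size; please confirm that in the unpacked tree. If it does not, a lower bound such as `if (len < 8 || len > remaining_stsd_len)` would close it. The hunk header still carries the upstream offset `-12056` and the diffstat still shows the `subprojects/` path, so the build log should also be checked to confirm the hunk landed inside the stsd entry loop rather than at a fuzzy match.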
@@ -50,6 +50,7 @@ Patch0028: CVE-2024-47545-pre1.patch
 Patch0029: CVE-2024-47545-pre2.patch
 Patch0030: CVE-2024-47545.patch
 Patch0031: CVE-2024-47544.patch
+Patch0032: CVE-2025-47219.patch
 
 BuildRequires: gcc gcc-c++ gstreamer1-devel gstreamer1-plugins-base-devel flac-devel
 BuildRequires: gdk-pixbuf2-devel libjpeg-devel libpng-devel libshout-devel orc-devel
@@ -136,6 +137,9 @@ echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
 %doc %{_datadir}/gtk-doc/html/*
 
 %changelog
+* Sat May 31 2025 Funda Wang - 1.16.2-10
+- fix CVE-2025-47219
+
 * Mon Apr 21 2025 wangshuo - 1.16.2-9
 - Fixed an issue where the patch for CVE-2021-3497 and CVE-2021-3498 was reversed