diff --git a/backport-CVE-2021-4156.patch b/backport-CVE-2021-4156.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c39c029208fd2484d09b611e962fd2b3ea5328d4
--- /dev/null
+++ b/backport-CVE-2021-4156.patch
@@ -0,0 +1,25 @@
+From ced91d7b971be6173b604154c39279ce90ad87cc Mon Sep 17 00:00:00 2001
+From: yuan <ssspeed00@gmail.com>
+Date: Tue, 20 Apr 2021 16:16:32 +0800
+Subject: [PATCH] flac: Fix improper buffer reusing (#732)
+
+---
+ src/flac.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/flac.c b/src/flac.c
+index 64d0172e6..e33204505 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
+ 	/* Decode some more. */
+ 	while (pflac->pos < pflac->len)
+ 	{	if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
++		{	psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
++			/* Current frame is busted, so NULL the pointer. */
++			pflac->frame = NULL ;
+ 			break ;
++			} ;
+ 		state = FLAC__stream_decoder_get_state (pflac->fsd) ;
+ 		if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
+ 		{	psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
diff --git a/libsndfile.spec b/libsndfile.spec
index b24ae7208559bf6bcecca6abd1b916a8d739fc05..2c8a23db4f16a0a5a25524cd222e4ccc28b7fd11 100644
--- a/libsndfile.spec
+++ b/libsndfile.spec
@@ -1,6 +1,6 @@
 Name: libsndfile
 Version: 1.0.28
-Release: 19
+Release: 20
 Summary: Library for reading and writing sound files
 License: LGPLv2+ and GPLv2+ and BSD
 URL: http://www.mega-nerd.com/libsndfile/
@@ -22,6 +22,7 @@ Patch6004:	libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-20
 Patch6005:	libsndfile-1.0.28-CVE-2017-14634.patch
 Patch6006:	libsndfile-1.0.28-CVE-2017-8362.patch
 Patch6007:	backport-CVE-2021-3246.patch
+Patch6008:	backport-CVE-2021-4156.patch
 
 %description
 Libsndfile is a C library for reading and writing files containing
@@ -128,6 +129,9 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
 %{_mandir}/man1/sndfile-salvage.1*
 
 %changelog
+* Mon May 16 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.0.28-20
+- fix CVE-2021-4156
+
 * Thu Sep 23 2021 zhouwenpei <zhouwenpei1@huawei.com> - 1.0.28-19
 - fix CVE-2021-3246