diff --git a/Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch b/Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4fdad848ff985dfc0e2c7f1b71eb1d3f679d1870
--- /dev/null
+++ b/Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch
@@ -0,0 +1,38 @@
+From 2c67902d594f7ae37b68cef1692b823b4b497e92 Mon Sep 17 00:00:00 2001
+From: "W. Felix Handte"
+Date: Thu, 18 Jul 2019 12:41:12 -0400
+Subject: [PATCH 3/3] Fix Data Corruption Bug when Streaming with an Attached
+ Dict in HC Mode
+
+This diff fixes an issue in which we failed to clear the `dictCtx` in HC
+compression. The `dictCtx` is not supposed to be used when an `extDict` is
+present: matches found in the `dictCtx` do not account for the presence of an
+`extDict` segment, and their offsets are therefore miscalculated when one is
+present. This can lead to data corruption.
+
+This diff clears the `dictCtx` whenever setting an `extDict`.
+
+This issue was uncovered by @terrelln's fuzzing work.
+---
+ lib/lz4hc.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/lz4hc.c b/lib/lz4hc.c
+index b62e085..98813a6 100644
+--- a/lib/lz4hc.c
++++ b/lib/lz4hc.c
+@@ -940,6 +940,11 @@ static void LZ4HC_setExternalDict(LZ4HC_CCtx_internal* ctxPtr, const BYTE* newBl
+ if (ctxPtr->end >= ctxPtr->base + ctxPtr->dictLimit + 4)
+ LZ4HC_Insert (ctxPtr, ctxPtr->end-3); /* Referencing remaining dictionary content */
+
+ /* cannot reference an extDict and a dictCtx at the same time */
+ if (ctxPtr->dictCtx != NULL) {
+ ctxPtr->dictCtx = NULL;
+ }
+
+ /* Only one memory segment for extDict, so any previous extDict is lost at this stage */
+ ctxPtr->lowLimit = ctxPtr->dictLimit;
+ ctxPtr->dictLimit = (U32)(ctxPtr->end - ctxPtr->base);
+--
+1.8.3.1
+
diff --git a/backport-CVE-2021-3520.patch b/backport-CVE-2021-3520.patch
new file mode 100644
index 0000000000000000000000000000000000000000..053958dfe872769a3fd906ae1f764e97a2125cce
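Review bot: Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch is dated 18 Jul 2019 yet is stacked on the 1.9.3 tarball added in this same commit, so confirm that `LZ4HC_setExternalDict` in the 1.9.3 sources does not already reset `dictCtx` before carrying it as Patch6000. If the reset is already there, the patch only adds a redundant store and gives the false impression that the packaged base lacks the fix. The patch header also has no pointer back to upstream; a line such as `Reference: <upstream commit or pull-request URL>` (placeholder) would let a later maintainer re-check this on the next rebase. `LZ4HC_setExternalDict` starts and ends outside the inner hunk, so the rest of the function cannot be checked from here.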
--- /dev/null
+++ b/backport-CVE-2021-3520.patch
@@ -0,0 +1,22 @@
+From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
+From: Jasper Lievisse Adriaanse
+Date: Fri, 26 Feb 2021 15:21:20 +0100
+Subject: [PATCH] Fix potential memory corruption with negative memmove() size
+
+---
+ lib/lz4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/lz4.c b/lib/lz4.c
+index 5f524d01d..c2f504ef3 100644
+--- a/lib/lz4.c
++++ b/lib/lz4.c
+@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
+ const size_t dictSize /* note : = 0 if noDict */
+ )
+ {
+- if (src == NULL) { return -1; }
++ if ((src == NULL) || (outputSize < 0)) { return -1; }
+
+ { const BYTE* ip = (const BYTE*) src;
+ const BYTE* const iend = ip + srcSize;
diff --git a/lz4-1.9.3.tar.gz b/lz4-1.9.3.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..c26129a58b87b9a00b2889701abb76de2af5199d
Binary files /dev/null and b/lz4-1.9.3.tar.gz differ
diff --git a/lz4-1.9.4.tar.gz b/lz4-1.9.4.tar.gz
deleted file mode 100644
index b3e2eb945e367f6dc7b5bb5c80546f3e460a3b6d..0000000000000000000000000000000000000000
Binary files a/lz4-1.9.4.tar.gz and /dev/null differ
diff --git a/lz4.spec b/lz4.spec
index afb4f446cad8928bbd6f6c4a49794d26a5a59561..a2483b1edba7a9c050e637dd6b2f7c9f281aed55 100644
--- a/lz4.spec
+++ b/lz4.spec
@@ -1,17 +1,19 @@ Name: lz4 -Version: 1.9.4 -Release: 1 +Version: 1.9.3 +Release: 3 Summary: Extremely fast compression algorithm License: GPLv2+ and BSD URL: https://lz4.github.io/lz4/ Source0: https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz +Patch6000: Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch +Patch6001: backport-CVE-2021-3520.patch Provides: %{name}-libs = %{version}-%{release} Obsoletes: %{name} < 1.7.5-3 Obsoletes: %{name}-libs -BuildRequires: gcc +BuildRequires: gcc git %description LZ4 is lossless compression algorithm, providing compression speed > 500 MB/s per
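Review bot: backport-CVE-2021-3520.patch carries the CVE only in its file name: the commit body is empty and nothing in the header says where the change came from, which makes the backport hard to audit later. Add a short body stating that `LZ4_decompress_generic` now returns -1 for a negative `outputSize`, which per the subject line is what keeps a negative size away from memmove(), plus a `Reference: <upstream commit URL>` line (placeholder). Nothing visible in this commit exercises the new guard; if the suite run by `make check` has no case with a negative output size, a small regression check is worth adding. The function body continues outside the inner hunk.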
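Review bot: `Version` goes backwards from 1.9.4 to 1.9.3 in lz4.spec with no `Epoch`, so RPM orders 1.9.3-3 below 1.9.4-1 and a host that already installed 1.9.4-1 will not receive this build through a normal update. If 1.9.4-1 was ever published, add `Epoch: 1` or document the downgrade step; otherwise installed systems end up split between the two builds, and only the 1.9.3 one depends on Patch6001 for CVE-2021-3520. The `%changelog` entry added in the last hunk says only `- revert version to 1.9.3`; a second line such as `- backport fix for CVE-2021-3520` keeps the CVE visible to anyone auditing the package changelog.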
@@ -32,7 +34,7 @@ applications using liblz4 library. %package_help %prep -%autosetup -n %{name}-%{version} -p1 +%autosetup -n %{name}-%{version} -p1 -Sgit cp %{_builddir}/%{name}-%{version}/lib/LICENSE %{_builddir}/%{name}-%{version}/LICENSE-lib %build @@ -70,6 +72,9 @@ make check %{_mandir}/man1/unlz4.1* %changelog +* Tue Nov 14 2023 yanglongkang - 1.9.3-3 +- revert version to 1.9.3 + * Tue Oct 24 2023 yanglongkang - 1.9.4-1 - upgrade to 1.9.4-1