diff --git a/fix-CVE-2025-62813.patch b/fix-CVE-2025-62813.patch
new file mode 100644
index 0000000000000000000000000000000000000000..be0d938a9fc72b8d4f01307f7776845a3f704ba1
--- /dev/null
+++ b/fix-CVE-2025-62813.patch
@@ -0,0 +1,67 @@
+From f64efec011c058bd70348576438abac222fe6c82 Mon Sep 17 00:00:00 2001
+From: louislafosse <louis.lafosse@epitech.eu>
+Date: Mon, 31 Mar 2025 20:48:52 +0200
+Subject: [PATCH] fix(null) : improve error handlings when passing a null
+ pointer to some functions from lz4frame
+
+---
+ lib/lz4frame.c    | 15 +++++++++++++--
+ tests/frametest.c |  7 +++++--
+ 2 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/lib/lz4frame.c b/lib/lz4frame.c
+index 174f9ae..cc6ed6f 100644
+--- a/lib/lz4frame.c
++++ b/lib/lz4frame.c
+@@ -530,9 +530,16 @@ LZ4F_CDict*
+ LZ4F_createCDict_advanced(LZ4F_CustomMem cmem, const void* dictBuffer, size_t dictSize)
+ {
+     const char* dictStart = (const char*)dictBuffer;
+-    LZ4F_CDict* const cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
++    LZ4F_CDict* cdict = NULL;
++
+     DEBUGLOG(4, "LZ4F_createCDict_advanced");
+-    if (!cdict) return NULL;
++
++    if (!dictStart)
++        return NULL;
++    cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
++    if (!cdict)
++        return NULL;
++
+     cdict->cmem = cmem;
+     if (dictSize > 64 KB) {
+         dictStart += dictSize - 64 KB;
+@@ -1429,6 +1436,10 @@ LZ4F_errorCode_t LZ4F_getFrameInfo(LZ4F_dctx* dctx,
+                                    LZ4F_frameInfo_t* frameInfoPtr,
+                              const void* srcBuffer, size_t* srcSizePtr)
+ {
++    assert(dctx != NULL);
++    RETURN_ERROR_IF(frameInfoPtr == NULL, parameter_null);
++    RETURN_ERROR_IF(srcSizePtr == NULL, parameter_null);
++
+     LZ4F_STATIC_ASSERT(dstage_getFrameHeader < dstage_storeFrameHeader);
+     if (dctx->dStage > dstage_storeFrameHeader) {
+         /* frameInfo already decoded */
+diff --git a/tests/frametest.c b/tests/frametest.c
+index 3301955..5359c9a 100644
+--- a/tests/frametest.c
++++ b/tests/frametest.c
+@@ -589,9 +589,12 @@ int basicTests(U32 seed, double compressibility)
+         size_t const srcSize = 65 KB; /* must be > 64 KB to avoid short-size optimizations */
+         size_t const dstCapacity = LZ4F_compressFrameBound(srcSize, NULL);
+         size_t cSizeNoDict, cSizeWithDict;
+-        LZ4F_CDict* const cdict = LZ4F_createCDict(CNBuffer, dictSize);
+-        if (cdict == NULL) goto _output_error;
++        LZ4F_CDict* cdict = NULL;
++
+         CHECK( LZ4F_createCompressionContext(&cctx, LZ4F_VERSION) );
++        cdict = LZ4F_createCDict(CNBuffer, dictSize);
++        if (cdict == NULL)
++            goto _output_error;
+ 
+         DISPLAYLEVEL(3, "Testing LZ4F_createCDict_advanced : ");
+         {   LZ4F_CDict* const cda = LZ4F_createCDict_advanced(lz4f_cmem_test, CNBuffer, dictSize);
+-- 
+2.43.0
+
diff --git a/lz4.spec b/lz4.spec
index b2c6f30c50b5e7be9d21f34020fbd5c3f20da516..5e5f11f28e20075737d2fd6e3d191c825a610323 100644
--- a/lz4.spec
+++ b/lz4.spec
@@ -1,6 +1,6 @@
 Name:           lz4
 Version:        1.9.4
-Release:        4
+Release:        5
 Summary:        Extremely fast compression algorithm
 
 License:        GPLv2+ and BSD
@@ -8,6 +8,7 @@ URL:            https://lz4.github.io/lz4/
 Source0:        https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz
 
 Patch0:         riscv_zicclsm_lz4_force_mem_access_2.patch
+Patch1:         fix-CVE-2025-62813.patch
 
 Provides:       %{name}-libs = %{version}-%{release}
 Obsoletes:      %{name} < 1.7.5-3
@@ -72,6 +73,9 @@ make check
 %{_mandir}/man1/unlz4.1*
 
 %changelog
+* Thu Oct 23 2025 Deyuan Fan <fandeyuan@kylinos.cn> - 1.9.4-5
+- fix CVE-2025-62813
+
 * Tue Sep  9 2025 yixiangzhike <yixiangzhike007@163.com> - 1.9.4-4
 - do not expand the rpm macro in changelog