diff --git a/backport-CVE-2020-27814.patch b/backport-CVE-2020-27814.patch
new file mode 100644
index 0000000000000000000000000000000000000000..35c22dae8b4a0d784c3ff7600d23108278667d41
--- /dev/null
+++ b/backport-CVE-2020-27814.patch
@@ -0,0 +1,43 @@
+From eaa098b59b346cb88e4d10d505061f669d7134fc Mon Sep 17 00:00:00 2001
+From: Even Rouault
+Date: Mon, 23 Nov 2020 13:49:05 +0100
+Subject: [PATCH] Encoder: grow buffer size in
+ opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in
+ opj_mqc_flush (fixes #1283)
+
+reference:
+https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc
+https://github.com/uclouvain/openjpeg/commit/15cf3d95814dc931ca0ecb132f81cb152e051bae
+https://github.com/uclouvain/openjpeg/commit/649298dcf84b2f20cfe458d887c1591db47372a6
+https://github.com/uclouvain/openjpeg/commit/4ce7d285a55d29b79880d0566d4b010fe1907aa9
+
+---
+ src/lib/openjp2/tcd.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
+index be3b843..673cca2 100644
+--- a/src/lib/openjp2/tcd.c
++++ b/src/lib/openjp2/tcd.c
+@@ -1219,10 +1219,16 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t *
+
+ /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
+ /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
++ /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */
++ /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */
++ /* and +28 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 44) */
++ /* and +33 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 4) */
++ /* and +63 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 4 -IMF 2K) */
++ /* and +74 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 4 -n 8 -s 7,7 -I) */
+ /* TODO: is there a theoretical upper-bound for the compressed code */
+ /* block size ?
*/
+- l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
+- (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
++ l_data_size = 74 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
++ (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
+
+ if (l_data_size > p_code_block->data_size) {
+ if (p_code_block->data) {
+--
+2.23.0
+
diff --git a/openjpeg2.spec b/openjpeg2.spec
index e4f0659b73c65905a1966d52fcfe88112813f68a..6c4e76527479db28070b63ea7db945f3ece36232 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -1,6 +1,6 @@
 Name: openjpeg2
 Version: 2.3.1
-Release: 3
+Release: 4
 Summary: C-Library for JPEG 2000
 License: BSD and MIT
 URL: https://github.com/uclouvain/openjpeg
@@ -12,6 +12,7 @@ Patch1: openjpeg2_opj2.patch
 Patch6000: CVE-2016-10505.patch
 Patch6001: CVE-2016-7445.patch
 Patch6002: CVE-2020-15389.patch
+Patch6003: backport-CVE-2020-27814.patch
 BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen
@@ -87,6 +88,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_mandir}/man3/*.3*
 %changelog
+* Sat Feb 20 2021 jinzhimin - 2.3.1-4
+- fix CVE-2020-27814
+
 * Sat Jul 25 2020 zhangnaru -2.3.1-3
 - fix CVE-2020-15389
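Review bot: The patch header lists four upstream commits under `reference:`, but the From line and the diffstat (`1 file changed, 7 insertions(+), 1 deletion(-)`) show that only eaa098b5 is actually carried, so a reader of this backport would assume the three follow-ups for issue #1283 (15cf3d95, 649298dc, 4ce7d285) are applied too when they are not. Either fold those commits into the patch if they belong to the complete CVE-2020-27814 fix for 2.3.1, or trim the list to the one commit backported and say why the rest are omitted, e.g. `reference: (only eaa098b5 backported; follow-ups for #1283 not applicable to 2.3.1 because ...)`. Note also that the new margin of 74 is empirical — the retained `TODO: is there a theoretical upper-bound` comment says so — so the hunk only widens the allocation in opj_tcd_code_block_enc_allocate_data() and adds no bounds check on the writer side; if the referenced follow-ups harden the encoder where it writes, they are the part that turns a larger margin into a real fix. The enclosing function starts and ends outside this hunk.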