diff --git a/CVE-2020-15389.patch b/CVE-2020-15389.patch
new file mode 100644
index 0000000000000000000000000000000000000000..af75c9b96475a3d958085adb4b65aaf6ea149127
--- /dev/null
+++ b/CVE-2020-15389.patch
@@ -0,0 +1,38 @@
+From cf56972d371a0557f30d5de64b4b9d2e87c74a6a Mon Sep 17 00:00:00 2001
+From: zhangnaru
+Date: Sat, 25 Jul 2020 10:48:34 +0800
+Subject: [PATCH] CVE-2020-15389
+
+---
+ src/bin/jp2/opj_decompress.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
+index 4b9583b..af1661e 100644
+--- a/src/bin/jp2/opj_decompress.c
++++ b/src/bin/jp2/opj_decompress.c
+@@ -1316,10 +1316,6 @@ static opj_image_t* upsample_image_components(opj_image_t* original)
+ int main(int argc, char **argv)
+ {
+ opj_decompress_parameters parameters; /* decompression parameters */
+- opj_image_t* image = NULL;
+- opj_stream_t *l_stream = NULL; /* Stream */
+- opj_codec_t* l_codec = NULL; /* Handle to a decompressor */
+- opj_codestream_index_t* cstr_index = NULL;
+
+ OPJ_INT32 num_images, imageno;
+ img_fol_t img_fol;
+@@ -1393,6 +1389,10 @@ int main(int argc, char **argv)
+
+ /*Decoding image one by one*/
+ for (imageno = 0; imageno < num_images ; imageno++) {
++ opj_image_t* image = NULL;
++ opj_stream_t *l_stream = NULL; /* stream */
++ opj_codec_t* l_codec = NULL; /* Handle to a decompressor */
++ opj_codestream_index_t* cstr_index = NULL;
+
+ if (!parameters.quiet) {
+ fprintf(stderr, "\n");
+--
+2.23.0
+
diff --git a/openjpeg2.spec b/openjpeg2.spec
index d75ebccd5587919c1b7ecc8a7e50e9e3e61edb2b..e4f0659b73c65905a1966d52fcfe88112813f68a 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -1,6 +1,6 @@
 Name: openjpeg2
 Version: 2.3.1
-Release: 2
+Release: 3
 Summary: C-Library for JPEG 2000
 License: BSD and MIT
 URL: https://github.com/uclouvain/openjpeg
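Review bot: In CVE-2020-15389.patch, `image`, `l_stream`, `l_codec` and `cstr_index` become local to the `for` body, but the two hunks show only the top of `main` and the head of the loop, so any use of these names after the loop (for example a shared cleanup path at the end of `main`) cannot be seen here; `main` continues outside both hunks and should be checked in full, since such a use would no longer compile or would need its own hunk. Declaring the handles per iteration means each image starts from NULL instead of from a pointer that an earlier iteration may already have released, which is presumably the defect being fixed, yet the patch header carries only `Subject: [PATCH] CVE-2020-15389`. I would add a one-paragraph description of the fault to the header together with a provenance line such as `Origin: <upstream commit URL>` (placeholder), so that the backport can be compared line by line with the upstream change.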
@@ -11,6 +11,7 @@ Patch1: openjpeg2_opj2.patch
 Patch6000: CVE-2016-10505.patch
 Patch6001: CVE-2016-7445.patch
+Patch6002: CVE-2020-15389.patch
 BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen
@@ -86,6 +87,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_mandir}/man3/*.3*
 %changelog
+* Sat Jul 25 2020 zhangnaru -2.3.1-3
+- fix CVE-2020-15389
+
 * Thu Sep 19 2019 openEuler Buildteam - 2.3.1-2
 - fix CVE-2016-10505 and CVE-2016-7445