diff --git a/15cf3d95814dc931ca0ecb132f81cb152e051bae.patch b/15cf3d95814dc931ca0ecb132f81cb152e051bae.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7e531f19dbd6b68068f332301bd363bd1c018f39
--- /dev/null
+++ b/15cf3d95814dc931ca0ecb132f81cb152e051bae.patch
@@ -0,0 +1,16 @@
+diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
+index 1926f6f03..cb305a63b 100644
+--- a/src/lib/openjp2/tcd.c
++++ b/src/lib/openjp2/tcd.c
+@@ -1245,9 +1245,10 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t *
+     /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
+     /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */
+     /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */
++    /* and +28 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 44) */
+     /* TODO: is there a theoretical upper-bound for the compressed code */
+     /* block size ? */
+-    l_data_size = 26 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
++    l_data_size = 28 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
+                                    (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
+ 
+     if (l_data_size > p_code_block->data_size) {
diff --git a/openjpeg2.spec b/openjpeg2.spec
index e4f0659b73c65905a1966d52fcfe88112813f68a..369c0fc6d242a7286cbef31c77e5ff0055bb0d27 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -1,6 +1,6 @@
 Name:           openjpeg2
 Version:        2.3.1
-Release:        3
+Release:        4
 Summary:        C-Library for JPEG 2000
 License:        BSD and MIT
 URL:            https://github.com/uclouvain/openjpeg
@@ -12,6 +12,7 @@ Patch1:         openjpeg2_opj2.patch
 Patch6000:	CVE-2016-10505.patch
 Patch6001:	CVE-2016-7445.patch
 Patch6002:      CVE-2020-15389.patch
+Patch6003: 15cf3d95814dc931ca0ecb132f81cb152e051bae.patch
 
 BuildRequires:  cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen
 
@@ -87,6 +88,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_mandir}/man3/*.3*
 
 %changelog
+* 20201124013007644193 patch-tracking 2.3.1-4
+- append patch file of upstream repository from <15cf3d95814dc931ca0ecb132f81cb152e051bae> to <15cf3d95814dc931ca0ecb132f81cb152e051bae>
+
 * Sat Jul 25 2020 zhangnaru <zhangnaru@huawei.com> -2.3.1-3
 - fix CVE-2020-15389 
 
@@ -94,4 +98,4 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 - fix CVE-2016-10505 and CVE-2016-7445
 
 * Thu Sep 19 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.3.1-1
-- Package init
+- Package init
\ No newline at end of file