diff --git a/CVE-2022-34503.patch b/CVE-2022-34503.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f01a746f0c875f80e2f5cb19d320f7c3a44cfad1
--- /dev/null
+++ b/CVE-2022-34503.patch
@@ -0,0 +1,33 @@
+From 674dafd5a778643f103fff4d5ff1b140db293a59 Mon Sep 17 00:00:00 2001
+From: starlet-dx <15929766099@163.com>
+Date: Mon, 5 Aug 2024 17:05:58 +0800
+Subject: [PATCH 1/1] heap-buffer-overflow in QPDF::processXRefStream found by ASAN
+
+Origin:
+https://github.com/qpdf/qpdf/issues/701
+https://bugzilla.suse.com/show_bug.cgi?id=1201830#c5
+---
+ libqpdf/QPDF.cc | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc
+index c1e30e0..9313588 100644
+--- a/libqpdf/QPDF.cc
++++ b/libqpdf/QPDF.cc
+@@ -1014,6 +1014,13 @@ QPDF::processXRefStream(qpdf_offset_t xref_offset, QPDFObjectHandle& xref_obj)
+ "Cross-reference stream's /W contains"
+ " impossibly large values");
+ }
++ if (W[i] < 0)
++ {
++ throw QPDFExc(qpdf_e_damaged_pdf, this->m->file->getName(),
++ "xref stream", xref_offset,
++ "Cross-reference stream's /W contains"
++ " negative values");
++ }
+ entry_size += W[i];
+ }
+ if (entry_size == 0)
+--
+2.33.0
+
diff --git a/qpdf.spec b/qpdf.spec
index dca3228c987fad2f3c7cc825585a2e99f6e7aa9a..50c4be65323dc661b265af035540df1ffe7b8db6 100644
--- a/qpdf.spec
+++ b/qpdf.spec
@@ -1,6 +1,6 @@
 Name: qpdf
 Version: 8.4.2
-Release: 4
+Release: 5
 Summary: A command-line program to transform PDF files
 License: (Artistic 2.0 or ASL 2.0) and MIT
 URL: http://qpdf.sourceforge.net/
@@ -10,6 +10,7 @@ Patch0000: qpdf-doc.patch
 Patch0001: qpdf-erase-tests-with-generated-object-stream.patch
 # https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5
 Patch0002: CVE-2021-25786.patch
+Patch0003: CVE-2022-34503.patch
 BuildRequires: gcc gcc-c++ zlib-devel libjpeg-turbo-devel pcre-devel
 BuildRequires: perl-interpreter perl-generators perl(Digest::MD5)
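Review bot: In the embedded libqpdf/QPDF.cc hunk, the new `if (W[i] < 0)` check has no comment explaining why a negative /W width must be rejected, although it is the line that keeps file-controlled input out of `entry_size += W[i];` directly below it. I would add above the check `// /W comes from the file; a negative width is not caught by the "impossibly large" check and would corrupt entry_size.` The loop header and the declarations of `W` and `entry_size` are outside the hunk, so their types are not confirmed from this page. The patch changes only QPDF.cc (7 insertions) and adds no test; a regression case that expects the "negative values" error would protect the backport when `make check` runs.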
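Review bot: In qpdf.spec, `Patch0003: CVE-2022-34503.patch` is added directly under the upstream-commit comment that belongs to Patch0002 and has no provenance comment of its own, so the spec does not record where this fix came from. I would add a line above it such as `# https://github.com/qpdf/qpdf/issues/701`, the reference the patch header lists under Origin. The patch header names an issue and a Bugzilla comment rather than an upstream commit; if the change was taken from a specific upstream commit, citing it would let the backport be compared against upstream.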
@@ -45,6 +46,7 @@ This package contains some man help and other files for %{name}.
 %setup
 %patch0000 -p1
 %patch0002 -p1
+%patch0003 -p1
 %ifarch aarch64
 %patch0001 -p1
 %endif
@@ -87,6 +89,9 @@ make check
 %{_mandir}/man1/*
 %changelog
+* Mon Aug 05 2024 yaoxin - 8.4.2-5
+- Fix CVE-2022-34503
+
 * Mon Aug 21 2023 yaoxin - 8.4.2-4
 - Fix CVE-2021-25786