diff --git a/backport-CVE-2023-47466.patch b/backport-CVE-2023-47466.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7eb2e326f0b71803d9c1def84737b6b8dcc6022d
--- /dev/null
+++ b/backport-CVE-2023-47466.patch
@@ -0,0 +1,34 @@
+From dfa33bec0806cbb45785accb8cc6c2048a7d40cf Mon Sep 17 00:00:00 2001
+From: Urs Fleisch
+Date: Sun, 5 Nov 2023 14:40:18 +0100
+Subject: [PATCH] Fix crash with invalid WAV files (#1163) (#1164)
+
+With specially crafted WAV files having the "id3 " chunk as the
+only valid chunk, when trying to write the tags, the existing
+"id3 " chunk is removed, and then vector::front() is called on
+the now empty chunks vector.
+Now it is checked if the vector is empty to avoid the crash.
+---
+ taglib/riff/rifffile.cpp | 3 +++
+ tests/data/invalid-chunk.wav | Bin 0 -> 40 bytes
+ tests/test_wav.cpp | 18 ++++++++++++++++++
+ 3 files changed, 21 insertions(+)
+ create mode 100644 tests/data/invalid-chunk.wav
+
+Conflict:Remove patch error test use case
+Reference:https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf
+
+diff --git a/taglib/riff/rifffile.cpp b/taglib/riff/rifffile.cpp
+index 005551f..f615e6c 100644
+--- a/taglib/riff/rifffile.cpp
++++ b/taglib/riff/rifffile.cpp
+@@ -361,6 +361,9 @@ void RIFF::File::writeChunk(const ByteVector &name, const ByteVector &data,
+
+ void RIFF::File::updateGlobalSize()
+ {
++ if(d->chunks.empty())
++ return;
++
+ const Chunk first = d->chunks.front();
+ const Chunk last = d->chunks.back();
+ d->size = last.offset + last.size + last.padding - first.offset + 12;
diff --git a/taglib.spec b/taglib.spec
index 50ae86b81e23e175c6bfbea1c76f1270d8d7a8b4..3de2808547694fd6e11b12df6db77c08a417194c 100644
--- a/taglib.spec
+++ b/taglib.spec
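Review bot: The embedded patch in `backport-CVE-2023-47466.patch` keeps upstream's diffstat (3 files changed, 21 insertions) but its body carries only the three-line guard in `RIFF::File::updateGlobalSize()`, so the regression test for CVE-2023-47466 (`tests/test_wav.cpp` with `tests/data/invalid-chunk.wav`) is not shipped and nothing in the package build exercises the empty-`chunks` path. The `Conflict:` line would be clearer if it named what was dropped, for example `Conflict: tests/test_wav.cpp and tests/data/invalid-chunk.wav dropped from the backport`. Separately, the early `return;` skips the `d->size` assignment, so the cached size may stay stale once the last chunk has been removed. Whether that matters cannot be judged from here, because the body of `updateGlobalSize()` continues outside the hunk.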
@@ -1,11 +1,13 @@ Name: taglib Summary: Audio Meta-Data Library Version: 1.13.1 -Release: 2 +Release: 3 License: (LGPL-2.1-only OR MPL-1.1) AND BSD-2-Clause AND LGPL-2.1-only URL: https://taglib.org/ Source0: https://github.com/%{name}/%{name}/archive/%{version}/%{name}-%{version}.tar.gz +Patch0: backport-CVE-2023-47466.patch + BuildRequires: gcc gcc-c++ cmake pkgconfig zlib-devel %description @@ -50,7 +52,13 @@ Files needed when building software with %{name}. %changelog -* Wed Nov 20 2024 Funda Wang - 1.13.1-2 +* Tue May 27 2025 Xingwei - 1.13.1-3 +- Type:CVE +- CVE:CVE-2023-47466 +- SUG:NA +- DESC:fix CVE-2023-47466 + +* We Nov 20 2024 Funda Wang - 1.13.1-2 - adopt to new cmake macro - cleanup spec
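Review bot: The weekday in the existing 1.13.1-2 changelog header is truncated by the second hunk, which removes `* Wed Nov 20 2024 Funda Wang - 1.13.1-2` and re-adds it as `* We Nov 20 2024 Funda Wang - 1.13.1-2`. rpm parses `%changelog` entry dates and expects a three-letter day name, so this line is likely to be rejected as a bad date when the spec is built. The old entry should stay unchanged as context, `* Wed Nov 20 2024 Funda Wang - 1.13.1-2`, with only the new 1.13.1-3 entry added above it.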