diff --git a/0001-CVE-2023-51257.patch b/0001-CVE-2023-51257.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3fb9f54cb757b6fab3f58393dac08995ad6fa8e8
--- /dev/null
+++ b/0001-CVE-2023-51257.patch
@@ -0,0 +1,88 @@ +From c1badf9f4ca361195839c52ef0efcca088f84cb6 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 8 Jul 2024 16:33:39 +0800 +Subject: [PATCH] CVE-2023-51257 + +--- + data/test/bad/367-PoC.jp2 | Bin 0 -> 2916 bytes + src/libjasper/base/jas_icc.c | 10 ++++++++++ + 2 files changed, 10 insertions(+) + create mode 100644 data/test/bad/367-PoC.jp2 + +diff --git a/data/test/bad/367-PoC.jp2 b/data/test/bad/367-PoC.jp2 +new file mode 100644 +index 0000000000000000000000000000000000000000..96e73789bd0e8983367d447b5084ed739479b0bf +GIT binary patch +literal 2916 +zcma)84OCO-8Gdi>O~NqTsa3Gp;YF=QB`k>!NLx|<3?RcS{HVxALvr&Ymn7c&Ac`)< +zt<`NF@u$aQtF2m@o8qRe?pTXetOwoJ8cVg4BZGCV73x;1uCB^l_I?Q@(8JkwZ|?n` +z?|q-|eV_0BzI$%~K(R{CadELP#sa`3i>JZ0%BA5DL%5BJ!`6n~c)QIkVmm%`F>*PD +zK>nu5DToq8Ape!o8}z&qDk+Z*6%t +z;yD14i578jd6+MGcCD>!8RB@fo9&*$vLX9gM@`96#5h)Rpw_vB#37tZCU-8@5~d^W +zvGIjujZqH`W&RSb;31W;xi>r)9dc=u{H;GOI$%UHf +z1H7OkxiCK6;qvH*G|+txp@ihZ`7$i;4$To`(tRFVSwVO#lkO4AhQ>0L7W?ADA%3Gv +z2<=7G#vByA2BHn)Ggpjaz78?QVeayda#AO;lFMp*j4>MQ+J +z+9$n+_bzF7biDM2v>VSZ$i@{ALW=58l|8f)?g&pgY7Xtl^nelXA0y9+T8EX6T2YIm +zIWg)XmEd12xnBZJsZp!yPpZGGuBrB`4ytaC$`Oq?s!H?@`XqgZev3X$zXu$Bj&7&V +z(jD|~>9->>$6otzl*rnL=1Xj3wqzBC^Np-E4+5LRPGx7XdF(XyNwzq`;@AXM%@(jv +zp=WAj-Gr!r)LiVa0&6u~)vzkYFQD%!%v>o}*&5J(XoCf4O +zNX7x&GlafxRD2+6^L!s*!58?>x)QZjdI4J9015M>wiJ9PPJRvGRJzG4`oi&mqTUB^ +zTjps(eM*so@1~w$@E*Reo0YsMI>p)F4V#NoY8pJed-nQNZWzWY)mlxO +zDwX3h(=_~Cl_oaW4CGG`NXmfnI4}O2(szTBo>&N5bImL#3`t^TVBw=>N@ZtU< +z*C6;AW;H7f1g<76oKr +z?@*K+erWhe72EXZ+X11sx#dA@piTd+0mXy5qd(fc`YYILOUi!o3(Nyu9!YzeJb0 +ztv%3ocYUAwev)51zPe>lQ?E%e{Jb)`^JlSzrlQ>~eepd(oA%x3f2iA(v$$~k^=y;# +z`g5BeewJvJS|1)$)Mb1;-?#Qyf6<1j$=YXcUb(P0P`c?cW5U@cm1<|)+tUU!=T`cP +zSN6Bu+H&`eU%a$&o5$}@h79*!m8~J6VDq704t(|cnZyU{3ckKsk^Ih0?sEF9qaPH!b^edCEnlZz +zZmc?cg6*Pn3tA@}JG}q>Tcdata.txt; + txt->string = 0; ++ /* The string must at least contain a single null character. 
*/ ++ if (cnt < 1) { ++ goto error; ++ } + if (!(txt->string = jas_malloc(cnt))) { + goto error; + } + if (jas_stream_read(in, txt->string, cnt) != cnt) { + goto error; + } ++ /* Ensure that the string is null terminated. */ ++ if (txt->string[cnt - 1] != '\0') { ++ goto error; ++ } ++ /* The following line is redundant, unless we do not enforce that ++ the last character must be null. */ + txt->string[cnt - 1] = '\0'; + if (strlen(txt->string) + 1 != cnt) { + goto error; +-- +2.27.0 + diff --git a/jasper.spec b/jasper.spec index 1e5f1d34cbfef0341f917088b2776ce00e26a5e7..f3d356486fc442535a37da5c07e8d33bdebe38f7 100644 --- a/jasper.spec +++ b/jasper.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 Summary: Implementation of the JPEG-2000 standard, Part 1 Name: jasper @@ -11,6 +11,7 @@ Source0: https://github.com/jasper-software/jasper/releases/download/version-%{v # skip hard-coded prefix/lib rpath Patch1: jasper-3.0.0-rpath.patch +Patch2: 0001-CVE-2023-51257.patch # autoreconf BuildRequires: cmake @@ -20,6 +21,7 @@ BuildRequires: libjpeg-devel BuildRequires: libXmu-devel libXi-devel BuildRequires: doxygen BuildRequires: mesa-libGL-devel +BuildRequires: git Requires: %{name}-libs = %{version}-%{release} BuildRequires: gcc @@ -63,7 +65,7 @@ Requires: %{name}-libs = %{version}-%{release} %prep -%autosetup -p1 -n %{name}-%{version} +%autosetup -n %{name}-%{version} -p1 -S git %build %cmake \ @@ -103,6 +105,9 @@ Requires: %{name}-libs = %{version}-%{release} %{_mandir}/man1/jiv.1* %changelog +* Mon Jul 08 2024 pangqing - 4.0.0-2 +- Fix CVE-2023-51257 + * Sun Feb 12 2023 Funda Wang - 4.0.0-1 - New version 4.0.0
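Review bot: The embedded patch carries no provenance: its header is `From: rpm-build` with the bare subject `CVE-2023-51257`, and nothing ties the `jas_icc.c` change to an upstream commit, so a later reviewer cannot check the backport against the original fix. I would add a line to the patch description such as `Upstream: <upstream commit URL>` (placeholder; the page does not give the reference). In the code, the new `txt->string[cnt - 1] != '\0'` check turns the following `txt->string[cnt - 1] = '\0';` into a dead store, as the added comment itself admits. Text without a terminator, which the old code appears to have forcibly terminated, is now rejected; that looks intended but deserves a mention in the changelog entry. The enclosing function starts and ends outside the hunk, and the declaration of `cnt` is not visible here.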
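Review bot: `BuildRequires: git` pulls a full git installation into the build root only so that `%autosetup -n %{name}-%{version} -p1 -S git` (the `%prep` hunk further down) can apply the `GIT binary patch` section that adds `data/test/bad/367-PoC.jp2`. If the distribution ships a `git-core` package, `BuildRequires: git-core` keeps the build root smaller. Alternatively, drop the binary test file from the downstream patch and keep the plain `-p1` application, since nothing in the visible hunks shows the file being used during the build. Either way, a comment above the line such as `# needed by %%autosetup -S git to apply the binary hunk in Patch2` would record why git is a build dependency; the doubled `%%` keeps rpm from expanding the macro inside the comment.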