diff --git a/CVE.md b/CVE.md
index f308eec07e0bb44a69afbe4bf9c9ac3e153f16df..590de3f2cb2df0dcb5dec0f9b8e253537ecc6538 100644
--- a/CVE.md
+++ b/CVE.md
@@ -6,3 +6,6 @@
 | CVE-2021-3497 | 误报 | https://gstreamer.freedesktop.org/security/sa-2021-0002.html |
 | CVE-2021-3498 | 误报 | https://gstreamer.freedesktop.org/security/sa-2021-0003.html |
 | CVE-2021-3185 | 误报 | https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc |
+| CVE-2023-37327 | 已修复 | https://gstreamer.freedesktop.org/security/sa-2023-0001.html |
+| CVE-2023-37328 | 已修复 | https://gstreamer.freedesktop.org/security/sa-2023-0002.html |
+| CVE-2023-37329 | 已修复 | https://gstreamer.freedesktop.org/security/sa-2023-0003.html |
diff --git a/gstplugins_bad/gst/dvdspu/gstspu-pgs.c b/gstplugins_bad/gst/dvdspu/gstspu-pgs.c
index 6108de07c2ea9fe24921a0db9b33fc352b02eb9e..05b88502a32019bb20f84a1df70bb9274eba0c01 100644
--- a/gstplugins_bad/gst/dvdspu/gstspu-pgs.c
+++ b/gstplugins_bad/gst/dvdspu/gstspu-pgs.c
@@ -593,6 +593,11 @@ parse_set_object_data (GstDVDSpu * dvdspu, guint8 type, guint8 * payload,
 obj->rle_data_size = GST_READ_UINT24_BE (payload);
 payload += 3;
+#ifdef OHOS_OPT_CVE
+ if (end - payload > obj->rle_data_size)
+ return 0;
+#endif
+
 PGS_DUMP ("%d bytes of RLE data, of %d bytes total.\n", (int) (end - payload), obj->rle_data_size);
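Review bot: The bounds check added in parse_set_object_data, `if (end - payload > obj->rle_data_size) return 0;`, is compiled only when `OHOS_OPT_CVE` is defined, and this hunk has no `#else`, so a build without the macro silently keeps the unchecked path. The same guard wraps the fixes in the second gstspu-pgs.c hunk and in tags.c, gstsubparse.c and gstflacparse.c, where the `#else` branches retain the pre-fix code. No build file is changed in this diff, so whether every target compiling these files defines the macro cannot be confirmed from here, while CVE.md records the three CVEs as fixed (已修复). Either apply the security fixes unconditionally or verify the define for each affected target. The function body continues outside the hunk.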
@@ -603,8 +608,14 @@ parse_set_object_data (GstDVDSpu * dvdspu, guint8 type, guint8 * payload,
 } else {
 PGS_DUMP ("%d bytes of additional RLE data\n", (int) (end - payload));
 /* Check that the data chunk is for this object version, and fits in the buffer */
+#ifdef OHOS_OPT_CVE
+ if (obj->rle_data_ver == obj_ver &&
+ end - payload <= obj->rle_data_size &&
+ obj->rle_data_used <= obj->rle_data_size - (end - payload)) {
+#else
 if (obj->rle_data_ver == obj_ver && obj->rle_data_used + end - payload <= obj->rle_data_size) {
+#endif
 memcpy (obj->rle_data + obj->rle_data_used, payload, end - payload);
 obj->rle_data_used += end - payload;
diff --git a/gstplugins_base/gst-libs/gst/tag/tags.c b/gstplugins_base/gst-libs/gst/tag/tags.c
index 7f0eef467d11d240970f7c9da47702daf498885f..7a89406be4696aa87416c2cedcf12aa549a39863 100644
--- a/gstplugins_base/gst-libs/gst/tag/tags.c
+++ b/gstplugins_base/gst-libs/gst/tag/tags.c
@@ -530,7 +530,12 @@ gst_tag_image_data_to_image_sample (const guint8 * image_data,
 GstStructure *image_info = NULL;
 g_return_val_if_fail (image_data != NULL, NULL);
+#ifdef OHOS_OPT_CVE
+ g_return_val_if_fail (image_data_len > 0
+ || image_data_len == G_MAXUINT32, NULL);
+#else
 g_return_val_if_fail (image_data_len > 0, NULL);
+#endif
 g_return_val_if_fail (gst_tag_image_type_is_valid (image_type), NULL);
 GST_DEBUG ("image data len: %u bytes", image_data_len);
diff --git a/gstplugins_base/gst/subparse/gstsubparse.c b/gstplugins_base/gst/subparse/gstsubparse.c
index 0983c3dfe63aefacc33805213b831979e444d90a..cd6d0afc36b1fcb147c683fc05ad1b2d401e4eff 100644
--- a/gstplugins_base/gst/subparse/gstsubparse.c
+++ b/gstplugins_base/gst/subparse/gstsubparse.c
@@ -778,7 +778,11 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
 }
 if (*next_tag == '<' && *(next_tag + 1) == '/') {
+#ifdef OHOS_OPT_CVE
+ end_tag = strchr (next_tag, '>');
+#else
 end_tag = strchr (cur, '>');
+#endif
 if (end_tag) {
 const gchar *last = NULL;
 if (num_open_tags > 0)
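Review bot: The rewritten condition in the `else` branch of parse_set_object_data is missing a comment, and its safety depends on the order of its tests: `end - payload <= obj->rle_data_size` has to hold before `obj->rle_data_size - (end - payload)` is evaluated, otherwise that subtraction goes below zero. Suggested comment above the `#ifdef`: `/* Compare by subtraction so rle_data_used plus the chunk length is never formed; the size test must come first */`. The field types are declared outside this diff, so the exact overflow the old sum allowed is inferred rather than visible. The `if` body continues past the end of the hunk.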
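Review bot: The added guard in gst_tag_image_data_to_image_sample accepts exactly the same values as the one it replaces: `image_data_len > 0 || image_data_len == G_MAXUINT32` is true for every non-zero length, G_MAXUINT32 included, so the second clause never changes the result. If the intent is to keep a maximal length away from later size arithmetic (that code is outside the hunk, so this is inferred), the test would need to be `g_return_val_if_fail (image_data_len > 0 && image_data_len != G_MAXUINT32, NULL);`. `g_return_val_if_fail` is also compiled out when GLib checks are disabled (`G_DISABLE_CHECKS`), so a limit that matters for untrusted input is better enforced with an explicit `if` that returns NULL.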
@@ -793,6 +797,10 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
 } else {
 --num_open_tags;
 g_ptr_array_remove_index (open_tags, num_open_tags);
+#ifdef OHOS_OPT_CVE
+ cur = end_tag + 1;
+ continue;
+#endif
 }
 }
 }
diff --git a/gstplugins_good/gst/audioparsers/gstflacparse.c b/gstplugins_good/gst/audioparsers/gstflacparse.c
index 8fca4108999f056eb34dfc4511602f3221679485..70812eacb7e6a03dc0dd1d74ad8bb64eafe907bb 100644
--- a/gstplugins_good/gst/audioparsers/gstflacparse.c
+++ b/gstplugins_good/gst/audioparsers/gstflacparse.c
@@ -1111,6 +1111,9 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer)
 GstMapInfo map;
 guint32 img_len = 0, img_type = 0;
 guint32 img_mimetype_len = 0, img_description_len = 0;
+#ifdef OHOS_OPT_CVE
+ const guint8 *img_data;
+#endif
 gst_buffer_map (buffer, &map, GST_MAP_READ);
 gst_byte_reader_init (&reader, map.data, map.size);
@@ -1137,7 +1140,11 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer)
 if (!gst_byte_reader_get_uint32_be (&reader, &img_len))
 goto error;
+#ifdef OHOS_OPT_CVE
+ if (!gst_byte_reader_get_data (&reader, img_len, &img_data))
+#else
 if (gst_byte_reader_get_pos (&reader) + img_len > map.size)
+#endif
 goto error;
 GST_INFO_OBJECT (flacparse, "Got image of %d bytes", img_len);
@@ -1146,8 +1153,12 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer)
 if (flacparse->tags == NULL)
 flacparse->tags = gst_tag_list_new_empty ();
+#ifdef OHOS_OPT_CVE
+ gst_tag_list_add_id3_image (flacparse->tags, img_data, img_len, img_type);
+#else
 gst_tag_list_add_id3_image (flacparse->tags, map.data + gst_byte_reader_get_pos (&reader), img_len, img_type);
+#endif
 }
 gst_buffer_unmap (buffer, &map);
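Review bot: The added `cur = end_tag + 1; continue;` in subrip_fix_up_markup runs only in the branch where the closing tag matched the last open tag; the other branch of the same `if` (its body is outside this hunk) still falls through to whatever follows the three closing braces. A one-line comment would make the intent reviewable, for example `/* closing tag consumed: resume scanning after its '>' */`. It is also worth confirming that skipping the rest of the loop body here does not bypass an update of `cur` or `next_tag` that later iterations rely on; the loop header and tail are outside the hunk, so this could not be checked from the diff.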