diff --git a/CVE.md b/CVE.md new file mode 100644 index 0000000000000000000000000000000000000000..d8c0cec907dcccfb99aa031370bed13a2998f887 --- /dev/null +++ b/CVE.md @@ -0,0 +1,6 @@ +## CVE漏洞 +| CVE漏洞编号 | 状态 | 链接 | +| ------------- | --- | ------------- | +| CVE-2023-37327 | 已修复 | https://gstreamer.freedesktop.org/security/sa-2023-0001.html | +| CVE-2023-37328 | 已修复 | https://gstreamer.freedesktop.org/security/sa-2023-0002.html | +| CVE-2023-37329 | 已修复 | https://gstreamer.freedesktop.org/security/sa-2023-0003.html | \ No newline at end of file diff --git a/gstplugins_bad/gst/dvdspu/gstspu-pgs.c b/gstplugins_bad/gst/dvdspu/gstspu-pgs.c index 6108de07c2ea9fe24921a0db9b33fc352b02eb9e..05b88502a32019bb20f84a1df70bb9274eba0c01 100644 --- a/gstplugins_bad/gst/dvdspu/gstspu-pgs.c +++ b/gstplugins_bad/gst/dvdspu/gstspu-pgs.c @@ -593,6 +593,11 @@ parse_set_object_data (GstDVDSpu * dvdspu, guint8 type, guint8 * payload, obj->rle_data_size = GST_READ_UINT24_BE (payload); payload += 3; +#ifdef OHOS_OPT_CVE + if (end - payload > obj->rle_data_size) + return 0; +#endif + PGS_DUMP ("%d bytes of RLE data, of %d bytes total.\n", (int) (end - payload), obj->rle_data_size); @@ -603,8 +608,14 @@ parse_set_object_data (GstDVDSpu * dvdspu, guint8 type, guint8 * payload, } else { PGS_DUMP ("%d bytes of additional RLE data\n", (int) (end - payload)); /* Check that the data chunk is for this object version, and fits in the buffer */ +#ifdef OHOS_OPT_CVE + if (obj->rle_data_ver == obj_ver && + end - payload <= obj->rle_data_size && + obj->rle_data_used <= obj->rle_data_size - (end - payload)) { +#else if (obj->rle_data_ver == obj_ver && obj->rle_data_used + end - payload <= obj->rle_data_size) { +#endif memcpy (obj->rle_data + obj->rle_data_used, payload, end - payload); obj->rle_data_used += end - payload; 
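Review bot: The bounds check added after `payload += 3` in the first gstspu-pgs.c hunk is compiled only when `OHOS_OPT_CVE` is defined, so a build that misses the macro ships the parser without it and nothing reports that. Every other code hunk in this commit has the same guard (second gstspu-pgs.c hunk, tags.c, gstsubparse.c, gstflacparse.c), and most of them also keep the pre-fix code alive under `#else`. The diff does not show where the macro is set; if it is meant to be always on, I would drop the `#ifdef`/`#else` pairs and keep only the fixed code, or make a shared header fail the build with `#ifndef OHOS_OPT_CVE` / `#error "OHOS_OPT_CVE must be defined"`. parse_set_object_data starts and ends outside the hunk.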
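Review bot: In the second gstspu-pgs.c hunk the new condition spells out `end - payload` twice more, and the `memcpy` below repeats it, while mixing that signed pointer difference with `obj->rle_data_size`, whose type is not visible here. Computing the chunk length once, e.g. `gsize chunk_len = end - payload;`, and testing `chunk_len <= obj->rle_data_size && obj->rle_data_used <= obj->rle_data_size - chunk_len` would keep the comparison in one type (presumably unsigned on both sides) and let the `memcpy` reuse the checked value. A comment such as `/* subtract rather than add, so the sum cannot wrap past rle_data_size */` would also record why the old `rle_data_used + end - payload` form was replaced. The enclosing function continues outside the hunk.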
diff --git a/gstplugins_base/gst-libs/gst/tag/tags.c b/gstplugins_base/gst-libs/gst/tag/tags.c index b0c7e619adc48256cb72b2c0fbc462b9770b3a66..fbbae80e37efc80646563ef752282818fe7980bf 100644 --- a/gstplugins_base/gst-libs/gst/tag/tags.c +++ b/gstplugins_base/gst-libs/gst/tag/tags.c @@ -519,7 +519,12 @@ gst_tag_image_data_to_image_sample (const guint8 * image_data, GstStructure *image_info = NULL; g_return_val_if_fail (image_data != NULL, NULL); +#ifdef OHOS_OPT_CVE + g_return_val_if_fail (image_data_len > 0 + || image_data_len == G_MAXUINT32, NULL); +#else g_return_val_if_fail (image_data_len > 0, NULL); +#endif g_return_val_if_fail (gst_tag_image_type_is_valid (image_type), NULL); GST_DEBUG ("image data len: %u bytes", image_data_len); diff --git a/gstplugins_base/gst/subparse/gstsubparse.c b/gstplugins_base/gst/subparse/gstsubparse.c index 759ec1b2c4f46b9c9335c3caad8840e973d1f881..92bf2fe64dcb9f3c7b9db2d3c1886089d1b17260 100644 --- a/gstplugins_base/gst/subparse/gstsubparse.c +++ b/gstplugins_base/gst/subparse/gstsubparse.c @@ -814,7 +814,11 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr) } if (*next_tag == '<' && *(next_tag + 1) == '/') { +#ifdef OHOS_OPT_CVE + end_tag = strchr (next_tag, '>'); +#else end_tag = strchr (cur, '>'); +#endif if (end_tag) { const gchar *last = NULL; if (num_open_tags > 0) @@ -829,6 +833,10 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr) } else { --num_open_tags; g_ptr_array_remove_index (open_tags, num_open_tags); +#ifdef OHOS_OPT_CVE + cur = end_tag + 1; + continue; +#endif } } } diff --git a/gstplugins_good/gst/audioparsers/gstflacparse.c b/gstplugins_good/gst/audioparsers/gstflacparse.c index 2758d4cfc5ce96e9faeba53ba144529703bebe44..f411d7d25cdb3271b6b40376e4c88ffe2605e71c 100644 --- a/gstplugins_good/gst/audioparsers/gstflacparse.c +++ b/gstplugins_good/gst/audioparsers/gstflacparse.c 
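Review bot: The guard added under `OHOS_OPT_CVE` in the tags.c hunk accepts exactly the same lengths as the `#else` branch if `image_data_len` is unsigned, which the `%u` in the following GST_DEBUG suggests (the declaration is outside the hunk). `G_MAXUINT32` already satisfies `image_data_len > 0`, so the `||` clause never changes the result. If the intent is to reject that value, for instance because later code adds to the length, the condition would need to be `image_data_len > 0 && image_data_len != G_MAXUINT32`. If `G_MAXUINT32` is instead a deliberately accepted sentinel, a comment saying so would stop the next reader from taking this line for a bounds check.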
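Review bot: Nothing in the first gstsubparse.c hunk records why the search for `>` now starts at `next_tag` rather than `cur`, and that reason is what protects the fix from being undone by a later cleanup. Starting at `cur` can presumably return a `>` that lies before `next_tag`, leaving `end_tag` in front of the closing tag it is supposed to terminate; the code that consumes `end_tag` is only partly visible here. I would add `/* search from the tag itself: a '>' between cur and next_tag must not be taken as its end */` above the call. The `cur = end_tag + 1; continue;` added in the second hunk relies on the same invariant. subrip_fix_up_markup starts and ends outside both hunks.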
@@ -1109,6 +1109,9 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer) GstMapInfo map; guint32 img_len = 0, img_type = 0; guint32 img_mimetype_len = 0, img_description_len = 0; +#ifdef OHOS_OPT_CVE + const guint8 *img_data; +#endif gst_buffer_map (buffer, &map, GST_MAP_READ); gst_byte_reader_init (&reader, map.data, map.size); @@ -1135,7 +1138,11 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer) if (!gst_byte_reader_get_uint32_be (&reader, &img_len)) goto error; +#ifdef OHOS_OPT_CVE + if (!gst_byte_reader_get_data (&reader, img_len, &img_data)) +#else if (gst_byte_reader_get_pos (&reader) + img_len > map.size) +#endif goto error; GST_INFO_OBJECT (flacparse, "Got image of %d bytes", img_len); @@ -1144,8 +1151,12 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer) if (flacparse->tags == NULL) flacparse->tags = gst_tag_list_new_empty (); +#ifdef OHOS_OPT_CVE + gst_tag_list_add_id3_image (flacparse->tags, img_data, img_len, img_type); +#else gst_tag_list_add_id3_image (flacparse->tags, map.data + gst_byte_reader_get_pos (&reader), img_len, img_type); +#endif } gst_buffer_unmap (buffer, &map);
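Review bot: `img_data`, declared in the first gstflacparse.c hunk, is left uninitialised and its lifetime is not documented. It is assigned only when `gst_byte_reader_get_data` succeeds in the second hunk, and since the reader is initialised from `map.data` it points into the mapped buffer, so it must not be used after the `gst_buffer_unmap` at the end of the third hunk. I would declare it as `const guint8 *img_data = NULL;` with the comment `/* borrowed from map.data; valid only until gst_buffer_unmap() */`. gst_flac_parse_handle_picture extends outside all three hunks.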
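Review bot: The result of `gst_tag_list_add_id3_image` is still discarded on the new line in the third gstflacparse.c hunk, so a picture block that passes the length check but is rejected by the tag helper leaves no trace in the log. Since this path handles data from untrusted files, a rejected image is worth recording: `if (!gst_tag_list_add_id3_image (flacparse->tags, img_data, img_len, img_type))` followed by `GST_WARNING_OBJECT (flacparse, "Failed to add image tag");`. The block this call sits in opens outside the hunk, so any earlier guard on `img_len` is not visible here.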