diff --git a/debian/changelog b/debian/changelog
index 1c6e6a019ca32a1401cef6cb8d4b57ee998264e0..16b0c44f0cb205c0cdbd00a9cfb98562ab0b06d9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium
+
+  * badcodebuilder CVE-2020-16289 安全更新：修复devices/gdevcif.c中的cif_print_page()缓冲区错误漏洞。
+
+ -- badcodebuilder <yuwenliu@buaa.edu.cn>  Sun, 02 Apr 2023 14:47:00 +0800
+
 ghostscript (9.50~dfsg-ok4) yangtze; urgency=medium
 
   * another-lin CVE-2020-16288 安全更新：修复缓冲区错误的漏洞。该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等.
diff --git a/devices/gdevcif.c b/devices/gdevcif.c
index f67aaf2acc5ef3baf5b704817c5a177cea6c99fa..bd9649ab3f8a4d7132be49ff089ee7c0a3198a7e 100644
--- a/devices/gdevcif.c
+++ b/devices/gdevcif.c
@@ -58,12 +58,12 @@ cif_print_page(gx_device_printer *pdev, gp_file *prn_stream)
                 length = strlen(pdev->fname) + 1;
         else
                 length = s - pdev->fname;
-        s = (char *)gs_malloc(pdev->memory, length, sizeof(char), "cif_print_page(s)");
+        s = (char *)gs_malloc(pdev->memory, length+1, sizeof(char), "cif_print_page(s)");
 
         strncpy(s, pdev->fname, length);
         *(s + length) = '\0';
         gp_fprintf(prn_stream, "DS1 25 1;\n9 %s;\nLCP;\n", s);
-        gs_free(pdev->memory, s, length, 1, "cif_print_page(s)");
+        gs_free(pdev->memory, s, length+1, 1, "cif_print_page(s)");
 
    for (lnum = 0; lnum < pdev->height; lnum++) {
       gdev_prn_copy_scan_lines(pdev, lnum, in, line_size);