diff --git a/bugfix-for-cve-2025-27833.patch b/bugfix-for-cve-2025-27833.patch
new file mode 100644
index 0000000000000000000000000000000000000000..374e95444b7facda9925ae7aac1af56341fd84ed
--- /dev/null
+++ b/bugfix-for-cve-2025-27833.patch
@@ -0,0 +1,35 @@
+From 477e36cfa1faa0037069a22eeeb4fc750733f120 Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Mon, 20 Jan 2025 09:38:59 +0000
+Subject: Bug 708259: Check TTF name size before copying to buffer.
+
+CVE-2025-27833
+---
+ pdf/pdf_fmap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pdf/pdf_fmap.c b/pdf/pdf_fmap.c
+index 5ddf229da..328d8db86 100644
+--- a/pdf/pdf_fmap.c
++++ b/pdf/pdf_fmap.c
+@@ -751,7 +751,7 @@ static int pdfi_ttf_add_to_native_map(pdf_context *ctx, stream *f, byte magic[4]
+                         int nl = u16(rec + 8);
+                         int noffs = u16(rec + 10);
+ 
+-                        if (nl + noffs + storageOffset > table_len) {
++                        if (nl + noffs + storageOffset > table_len || nl >= pname_size) {
+                             break;
+                         }
+                         memcpy(pname, namet + storageOffset + noffs, nl);
+@@ -789,7 +789,7 @@ static int pdfi_ttf_add_to_native_map(pdf_context *ctx, stream *f, byte magic[4]
+                             int nl = u16(rec + 8);
+                             int noffs = u16(rec + 10);
+ 
+-                            if (nl + noffs + storageOffset > table_len) {
++                            if (nl + noffs + storageOffset > table_len || nl >= pname_size) {
+                                 break;
+                             }
+                             memcpy(pname, namet + storageOffset + noffs, nl);
+-- 
+cgit v1.2.3
+
diff --git a/ghostscript.spec b/ghostscript.spec
index b2a6ebf353a89b38d73604a2bc0a25d251394592..137ea33fcdcd0e714e6fec06c56a4fdef52bbc37 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -1,4 +1,4 @@
-%define anolis_release 2
+%define anolis_release 3
 
 %global _hardened_build 1
 %global _docdir_fmt     %{name}
@@ -68,6 +68,11 @@ Patch6: bugfix-for-cve-2025-27831.patch
 # Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=36ac25fca7b
 Patch7: bugfix-for-cve-2025-27832.patch
 
+# CVE-2025-27833
+# Tracking bug: https://bugs.ghostscript.com/show_bug.cgi?id=708259
+# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=477e36cfa1f
+Patch8: bugfix-for-cve-2025-27833.patch
+
 %description
 Ghostscript is an interpreter for PostScript® and Portable Document Format (PDF) files.
 
@@ -262,6 +267,9 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 
 
 %changelog
+* Thu Apr 24 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 10.03.0-3
+- Fix CVE-2025-27833
+
 * Thu Apr 24 2025 zjl02254423 <zjl02254423@alibaba-inc.com> - 10.03.0-2
 - Add BuildRequires