diff --git a/CVE-2022-28506.patch b/CVE-2022-28506.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c5f0b9adbf00af1291d9e187296c7714fec6874f
--- /dev/null
+++ b/CVE-2022-28506.patch
@@ -0,0 +1,15 @@
+diff -rupN giflib-5.2.1/gif2rgb.c giflib-5.2.1-new/gif2rgb.c
+--- giflib-5.2.1/gif2rgb.c 2019-06-24 09:24:27.000000000 +0200
++++ giflib-5.2.1-new/gif2rgb.c 2022-07-21 09:58:28.256036156 +0200
+@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileNam
+ GifRow = ScreenBuffer[i];
+ GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+ for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
++ /* Check if color is within color palete */
++ if (GifRow[j] >= ColorMap->ColorCount)
++ {
++ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++ }
+ ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+ *BufferP++ = ColorMapEntry->Red;
+ *BufferP++ = ColorMapEntry->Green;
diff --git a/CVE-2023-39742.patch b/CVE-2023-39742.patch
new file mode 100644
index 0000000000000000000000000000000000000000..15954505a0b737ffee0044e0b4ae3ade1430a741
--- /dev/null
+++ b/CVE-2023-39742.patch
@@ -0,0 +1,24 @@
+Description: Fix segmentation faults due to non correct checking for args
+Author: David Suárez
+Origin: vendor
+Bug: https://sourceforge.net/p/giflib/bugs/153/
+Bug-Debian: https://bugs.debian.org/715963
+Bug-Debian: https://bugs.debian.org/715964
+Bug-Debian: https://bugs.debian.org/715967
+Last-Update: 2020-12-20
+
+--- a/getarg.c
++++ b/getarg.c
+@@ -305,6 +305,12 @@
+ int i = 0, ScanRes;
+
+ while (!(ISSPACE(CtrlStrCopy[i]))) {
++
++ if ((*argv) == argv_end) {
++ GAErrorToken = Option;
++ return CMD_ERR_NumRead;
++ }
++
+ switch (CtrlStrCopy[i + 1]) {
+ case 'd': /* Get signed integers. */
+ ScanRes = sscanf(*((*argv)++), "%d",
diff --git a/giflib.spec b/giflib.spec
index 4900980393d1ada4d188c90ec21c08e88d4df591..762017c5dd44afbc33a2d20b7df3c986b94488f4 100644
--- a/giflib.spec
+++ b/giflib.spec
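Review bot: In CVE-2022-28506.patch the palette bound check guards only the one loop of DumpScreen2RGB that this hunk shows, and the function's body starts and ends outside the hunk. If another loop in that function also indexes `ColorMap->Colors[GifRow[j]]` (for example a separate output path), it needs the same guard, `if (GifRow[j] >= ColorMap->ColorCount) GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));`, or the out-of-bounds read stays reachable through that path. The added comment also has a typo and should read `/* Check if color is within color palette */`.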
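Review bot: The header of CVE-2023-39742.patch cites only the upstream and Debian bug reports and a Last-Update of 2020-12-20, so nothing inside the file ties it to the CVE in its name. Extend the header, e.g. `Description: Fix segmentation faults due to non correct checking for args (CVE-2023-39742)`, so the mapping can be audited later. In the code, the guard `if ((*argv) == argv_end)` relies on `*argv` never stepping past `argv_end`. The visible `case 'd'` advances one argument per read, so equality holds there, but `if ((*argv) >= argv_end) {` would fail closed if some other path advanced further. The enclosing function starts and ends outside the hunk, so whether every `case` of the `switch` consumes exactly one argument cannot be confirmed from here.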
@@ -1,14 +1,16 @@ -%define anolis_release 3 +%define anolis_release 4 Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: %{anolis_release}%{dist} +Release: %{anolis_release}%{dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz # Downstream cmake support Source1: CMakeLists.txt +Patch0: CVE-2022-28506.patch +Patch1: CVE-2023-39742.patch BuildRequires: cmake BuildRequires: gcc @@ -62,6 +64,9 @@ cp -a %{SOURCE1} . %{_mandir}/man1/*.1* %changelog +* Fri Sep 15 2023 Funda Wang - 5.2.1-4 +- Fix CVE-2022-28506 & CVE-2023-39742 + * Fri Mar 10 2023 Funda Wang - 5.2.1-3 - Drop mingw support
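Review bot: `Patch0` and `Patch1` are declared in the preamble, but neither hunk touches `%prep`, so the fixes take effect only if `%prep` already applies patches automatically (presumably via `%autosetup` or `%autopatch`, which is not visible here). If it uses plain `%setup`, add `%patch0 -p1` and `%patch1 -p1` after it. Otherwise the changelog entry would claim both CVEs fixed while the built binaries stay unpatched. Both patch files use a single leading path component, so `-p1` fits each.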