diff --git a/0002-fix-cve-CVE-2024-52531.patch b/0002-fix-cve-CVE-2024-52531.patch
new file mode 100644
index 0000000000000000000000000000000000000000..46dea8d4e6368df04ee39839d51579f59ef300a8
--- /dev/null
+++ b/0002-fix-cve-CVE-2024-52531.patch
@@ -0,0 +1,116 @@
+From 2ce634a538b8c1fd824df577a192b7f2844f9d74 Mon Sep 17 00:00:00 2001
+From: zhuhongbo <zhuhongbo@uniontech.com>
+Date: Fri, 21 Feb 2025 10:07:56 +0800
+Subject: [PATCH] fix cve CVE-2024-52531
+
+---
+ libsoup/soup-headers.c | 48 +++++++++++++++++++++---------------------
+ 1 file changed, 24 insertions(+), 24 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 31ad1fe..f198fec 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -643,8 +643,9 @@ soup_header_contains (const char *header, const char *token)
+ }
+ 
+ static void
+-decode_quoted_string (char *quoted_string)
++decode_quoted_string_inplace (GString *quoted_gstring)
+ {
++	char *quoted_string = quoted_gstring->str;
+ 	char *src, *dst;
+ 
+ 	src = quoted_string + 1;
+@@ -658,10 +659,11 @@ decode_quoted_string (char *quoted_string)
+ }
+ 
+ static gboolean
+-decode_rfc5987 (char *encoded_string)
++decode_rfc5987_inplace (GString *encoded_gstring)
+ {
+ 	char *q, *decoded;
+ 	gboolean iso_8859_1 = FALSE;
++	const char *encoded_string = encoded_gstring->str;
+ 
+ 	q = strchr (encoded_string, '\'');
+ 	if (!q)
+@@ -690,14 +692,7 @@ decode_rfc5987 (char *encoded_string)
+ 		decoded = utf8;
+ 	}
+ 
+-	/* If encoded_string was UTF-8, then each 3-character %-escape
+-	 * will be converted to a single byte, and so decoded is
+-	 * shorter than encoded_string. If encoded_string was
+-	 * iso-8859-1, then each 3-character %-escape will be
+-	 * converted into at most 2 bytes in UTF-8, and so it's still
+-	 * shorter.
+-	 */
+-	strcpy (encoded_string, decoded);
++	g_string_assign (encoded_gstring, decoded);
+ 	g_free (decoded);
+ 	return TRUE;
+ }
+@@ -707,15 +702,17 @@ parse_param_list (const char *header, char delim)
+ {
+ 	GHashTable *params;
+ 	GSList *list, *iter;
+-	char *item, *eq, *name_end, *value;
+-	gboolean override;
+ 
+ 	params = g_hash_table_new_full (soup_str_case_hash, 
+ 					soup_str_case_equal,
+-					g_free, NULL);
++					g_free, g_free);
+ 
+ 	list = parse_list (header, delim);
+ 	for (iter = list; iter; iter = iter->next) {
++		char *item, *eq, *name_end;
++		gboolean override, duplicated;
++		GString *parsed_value = NULL;
++
+ 		item = iter->data;
+ 		override = FALSE;
+ 
+@@ -730,24 +727,27 @@ parse_param_list (const char *header, char delim)
+ 
+ 			*name_end = '\0';
+ 
+-			value = (char *)skip_lws (eq + 1);
++			parsed_value = g_string_new ((char *)skip_lws (eq + 1));			
+ 
+ 			if (name_end[-1] == '*' && name_end > item + 1) {
+ 				name_end[-1] = '\0';
+-				if (!decode_rfc5987 (value)) {
++				if (!decode_rfc5987_inplace (parsed_value)) {				
++					g_string_free (parsed_value, TRUE);
+ 					g_free (item);
+ 					continue;
+ 				}
+-				override = TRUE;
+-			} else if (*value == '"')
+-				decode_quoted_string (value);
+-		} else
+-			value = NULL;
+-
+-		if (override || !g_hash_table_lookup (params, item))
+-			g_hash_table_replace (params, item, value);
+-		else
++				override = TRUE;
++			} else if (parsed_value->str[0] == '"')
++				decode_quoted_string_inplace (parsed_value);
++		}
++
++		if (override || !g_hash_table_lookup (params, item)) {
++			g_hash_table_replace (params, item, parsed_value ? g_string_free (parsed_value, FALSE) : NULL);
++		} else {
++			if (parsed_value)
++				g_string_free (parsed_value, TRUE);
+ 			g_free (item);
++		}
+ 	}
+ 
+ 	g_slist_free (list);
+-- 
+2.39.3
+
diff --git a/libsoup.spec b/libsoup.spec
index b7fbf8ce8c647d13706ab069928a95abf6b9ee8c..dba0d5601e77dec78b3f2fe426eee863bc0d54ff 100644
--- a/libsoup.spec
+++ b/libsoup.spec
@@ -2,7 +2,7 @@
 
 Name: libsoup
 Version: 2.62.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: Soup, an HTTP library implementation
 
 License: LGPLv2
@@ -16,6 +16,7 @@ Patch03: 0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch
 
 #add by uos
 Patch04: 0001-cve-CVE-2024-52530.patch
+Patch05: 0002-fix-cve-CVE-2024-52531.patch
 #end
 BuildRequires: chrpath
 BuildRequires: glib2-devel >= %{glib2_version}
@@ -55,6 +56,7 @@ you to develop applications that use the libsoup library.
 %patch02 -p1 -b .python2
 %patch03 -p1 -b .cve-2018-12910
 %patch04 -p1 -b .cve-CVE-2024-52530
+%patch05 -p1 -b .fix-cve-CVE-2024-52531
 %build
 %configure --disable-static
 
@@ -96,6 +98,9 @@ chrpath --delete $RPM_BUILD_ROOT%{_libdir}/*.so
 %{_datadir}/vala/vapi/libsoup-2.4.vapi
 
 %changelog
+* Fri Feb 21 2025 zhuhongbo <zhuhongbo@uniontech.com> - 2.62.2-4
+- cve: fix CVE-2024-52531
+
 * Tue Nov 19 2024 zhuhongbo <zhuhongbo@uniontech.com> - 2.62.2-3
 - cve: fix CVE-2024-52530