diff --git a/0006-CVE-2023-44488-Fix-bug-with-smaller-width-bigger-size.patch b/0006-CVE-2023-44488-Fix-bug-with-smaller-width-bigger-size.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bf526c808d6d7e84268f510c859d6e0a143f912b
--- /dev/null
+++ b/0006-CVE-2023-44488-Fix-bug-with-smaller-width-bigger-size.patch
@@ -0,0 +1,103 @@
+From 0b9c2b782ae87f820aa34a19be7be6268f258172 Mon Sep 17 00:00:00 2001
+From: Jerome Jiang <jianj@google.com>
+Date: Thu, 30 Jun 2022 13:48:56 -0400
+Subject: [PATCH] Fix bug with smaller width bigger size
+
+Fixed previous patch that clusterfuzz failed on.
+
+Local fuzzing passing overnight.
+
+Bug: webm:1642
+Change-Id: If0e08e72abd2e042efe4dcfac21e4cc51afdfdb9
+(cherry picked from commit 263682c9a29395055f3b3afe2d97be1828a6223f)
+---
+ vp9/common/vp9_alloccommon.c | 13 ++++++-------
+ vp9/encoder/vp9_encoder.c    | 27 +++++++++++++++++++++++++--
+ 2 files changed, 31 insertions(+), 9 deletions(-)
+
+diff --git a/vp9/common/vp9_alloccommon.c b/vp9/common/vp9_alloccommon.c
+index 7345e259b..2989ee015 100644
+--- a/vp9/common/vp9_alloccommon.c
++++ b/vp9/common/vp9_alloccommon.c
+@@ -122,13 +122,6 @@ int vp9_alloc_context_buffers(VP9_COMMON *cm, int width, int height) {
+     cm->free_mi(cm);
+     if (cm->alloc_mi(cm, new_mi_size)) goto fail;
+   }
+-
+-  if (cm->seg_map_alloc_size < cm->mi_rows * cm->mi_cols) {
+-    // Create the segmentation map structure and set to 0.
+-    free_seg_map(cm);
+-    if (alloc_seg_map(cm, cm->mi_rows * cm->mi_cols)) goto fail;
+-  }
+-
+   if (cm->above_context_alloc_cols < cm->mi_cols) {
+     vpx_free(cm->above_context);
+     cm->above_context = (ENTROPY_CONTEXT *)vpx_calloc(
+@@ -143,6 +136,12 @@ int vp9_alloc_context_buffers(VP9_COMMON *cm, int width, int height) {
+     cm->above_context_alloc_cols = cm->mi_cols;
+   }
+ 
++  if (cm->seg_map_alloc_size < cm->mi_rows * cm->mi_cols) {
++    // Create the segmentation map structure and set to 0.
++    free_seg_map(cm);
++    if (alloc_seg_map(cm, cm->mi_rows * cm->mi_cols)) goto fail;
++  }
++
+   if (vp9_alloc_loop_filter(cm)) goto fail;
+ 
+   return 0;
+diff --git a/vp9/encoder/vp9_encoder.c b/vp9/encoder/vp9_encoder.c
+index 2ae59dd98..01a6d907b 100644
+--- a/vp9/encoder/vp9_encoder.c
++++ b/vp9/encoder/vp9_encoder.c
+@@ -1751,6 +1751,17 @@ static void alloc_copy_partition_data(VP9_COMP *cpi) {
+   }
+ }
+ 
++static void free_copy_partition_data(VP9_COMP *cpi) {
++  vpx_free(cpi->prev_partition);
++  cpi->prev_partition = NULL;
++  vpx_free(cpi->prev_segment_id);
++  cpi->prev_segment_id = NULL;
++  vpx_free(cpi->prev_variance_low);
++  cpi->prev_variance_low = NULL;
++  vpx_free(cpi->copied_frame_cnt);
++  cpi->copied_frame_cnt = NULL;
++}
++
+ void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) {
+   VP9_COMMON *const cm = &cpi->common;
+   RATE_CONTROL *const rc = &cpi->rc;
+@@ -1834,6 +1845,8 @@ void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) {
+     new_mi_size = cm->mi_stride * calc_mi_size(cm->mi_rows);
+     if (cm->mi_alloc_size < new_mi_size) {
+       vp9_free_context_buffers(cm);
++      vp9_free_pc_tree(&cpi->td);
++      vpx_free(cpi->mbmi_ext_base);
+       alloc_compressor_data(cpi);
+       realloc_segmentation_maps(cpi);
+       cpi->initial_width = cpi->initial_height = 0;
+@@ -1849,8 +1862,18 @@ void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) {
+     update_frame_size(cpi);
+ 
+   if (last_w != cpi->oxcf.width || last_h != cpi->oxcf.height) {
+-    memset(cpi->consec_zero_mv, 0,
+-           cm->mi_rows * cm->mi_cols * sizeof(*cpi->consec_zero_mv));
++    vpx_free(cpi->consec_zero_mv);
++    CHECK_MEM_ERROR(
++        cm, cpi->consec_zero_mv,
++        vpx_calloc(cm->mi_rows * cm->mi_cols, sizeof(*cpi->consec_zero_mv)));
++
++    vpx_free(cpi->skin_map);
++    CHECK_MEM_ERROR(
++        cm, cpi->skin_map,
++        vpx_calloc(cm->mi_rows * cm->mi_cols, sizeof(cpi->skin_map[0])));
++
++    free_copy_partition_data(cpi);
++    alloc_copy_partition_data(cpi);
+     if (cpi->oxcf.aq_mode == CYCLIC_REFRESH_AQ)
+       vp9_cyclic_refresh_reset_resize(cpi);
+     rc->rc_1_frame = 0;
+-- 
+2.41.0
+
diff --git a/libvpx.spec b/libvpx.spec
index 5fbf612e6cb4f2a359d8203a7354dbdf5f9d25af..4644818bf6d54ad5fe4055c70b313d4b3f3598a0 100644
--- a/libvpx.spec
+++ b/libvpx.spec
@@ -7,7 +7,7 @@
 Name:			libvpx
 Summary:		VP8/VP9 Video Codec SDK
 Version:		1.7.0
-Release:		9%{anolis_release}%{?dist}
+Release:		10%{anolis_release}%{?dist}
 License:		BSD
 Group:			System Environment/Libraries
 #Source0:		http://downloads.webmproject.org/releases/webm/%{name}-%{version}.tar.bz2
@@ -27,6 +27,7 @@ Patch2:			0002-CVE-2019-9433-VP8-Fix-use-after-free-in-postproc.patch
 Patch3:			0003-CVE-2019-9371-update-libwebm.patch
 Patch4:			0004-CVE-2019-2126-update-libwebm-to-libwebm-1.0.0.27-361.patch
 Patch5:         0005-CVE-2023-5217-VP8-disallow-thread-count-changes.patch
+Patch6:         0006-CVE-2023-44488-Fix-bug-with-smaller-width-bigger-size.patch
 
 %description
 libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications 
@@ -67,6 +68,7 @@ Doc pages for %{name}.
 %patch3 -p1 -b .0003
 %patch4 -p1 -b .0004
 %patch5 -p1 -b .0005
+%patch6 -p1 -b .0006
 
 %build
 %ifarch %{ix86}
@@ -258,6 +260,9 @@ rm -rf %{buildroot}%{_prefix}/src
 %doc AUTHORS CHANGELOG README
 
 %changelog
+* Thu Oct 12 2023 Bo Liu <liubo03@inspur.com> -1.7.0-10.0.1
+- Fix bug with smaller width bigger size (CVE-2023-44488)
+
 * Wed Oct 11 2023 Kaiqiang Wang <wangkaiqiang@isnpur.com> - 1.7.0-9.0.1
 - VP8: disallow thread count changes (CVE-2023-5217)