diff --git a/libxml2-2.9.7-CVE-2023-28484.patch b/libxml2-2.9.7-CVE-2023-28484.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4f896b6eb76760c044c3f2ff08ea1c2bb1225eae
--- /dev/null
+++ b/libxml2-2.9.7-CVE-2023-28484.patch
@@ -0,0 +1,27 @@
+From 647e072ea0a2f12687fa05c172f4c4713fdb0c4f Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Apr 2023 11:46:35 +0200
+Subject: [PATCH] [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
+
+Fix a null pointer dereference when parsing (invalid) XML schemas.
+
+Thanks to Robby Simpson for the report!
+
+Fixes #491.
+ xmlschemas.c                    |  2 +-
+ 1 files changed, 1 insertions(+), 1 deletion(-)
+
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 152b7c3f5..eec24a95f 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -18619,7 +18619,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt,
+                        "allowed to appear inside other model groups",
+                        NULL, NULL);
+ 
+-               } else if (! dummySequence) {
++               } else if ((!dummySequence) && (baseType->subtypes != NULL)) {
+                    xmlSchemaTreeItemPtr effectiveContent =
+                        (xmlSchemaTreeItemPtr) type->subtypes;
+                    /*