diff --git a/CVE-2020-27752.patch b/CVE-2020-27752.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ff6dbeeffa5b5a49d7f6ce261328b3faa7953d12
--- /dev/null
+++ b/CVE-2020-27752.patch
@@ -0,0 +1,32 @@
+From cea01963ce130bd8400838e9c2d306a1a973e7f4 Mon Sep 17 00:00:00 2001
+From: wang_yue111 <648774160@qq.com>
+Date: Thu, 29 Apr 2021 16:56:33 +0800
+Subject: [PATCH] 2
+
+---
+ coders/png.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/coders/png.c b/coders/png.c
+index ee6fba2..9df1a08 100644
+--- a/coders/png.c
++++ b/coders/png.c
+@@ -11177,11 +11177,13 @@ static MagickBooleanType WriteOnePNGImage(MngInfo *mng_info,
+       (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+         "    Allocating %.20g bytes of memory for pixels",(double) rowbytes);
+     }
+-  pixel_info=AcquireVirtualMemory(rowbytes+256,sizeof(*ping_pixels));
++  pixel_info=AcquireVirtualMemory(rowbytes,GetPixelChannels(image)*
++    sizeof(*ping_pixels));
+   if (pixel_info == (MemoryInfo *) NULL)
+     png_error(ping,"Allocation of memory for pixels failed");
+   ping_pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info);
+-  (void) memset(ping_pixels,0,(rowbytes+256)*sizeof(*ping_pixels));
++  (void) memset(ping_pixels,0,rowbytes*GetPixelChannels(image)*
++    sizeof(*ping_pixels));
+   /*
+     Initialize image scanlines.
+   */
+-- 
+2.23.0
+
diff --git a/ImageMagick.spec b/ImageMagick.spec
index 6b72cf68c882a7ee9b63532586a0b53c7d8caee1..286148c8e1ae0a5bb6bf89d3245c5a33a8e2b287 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -1,7 +1,7 @@
 Name:           ImageMagick
 Epoch:          1
 Version:        6.9.10.67
-Release:        21
+Release:        22
 Summary:        Create, edit, compose, or convert bitmap images
 License:        ImageMagick and MIT
 Url:            http://www.imagemagick.org/
@@ -54,6 +54,7 @@ Patch0044:      CVE-2020-25666-2.patch
 Patch0045:      CVE-2020-25675.patch
 Patch0046:      CVE-2020-27755.patch
 Patch0047:      CVE-2019-18853.patch
+Patch0048:      CVE-2020-27752.patch
 
 BuildRequires:  bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
 BuildRequires:  libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@@ -210,6 +211,9 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick++*
 
 %changelog
+* Thu Apr 29 2021 wangyue <wangyue92@huawei.com> - 6.9.10.67-22
+- Fix CVE-2020-27752
+
 * Mon Apr 12 2021 wangyue <wangyue92@huawei.com> - 6.9.10.67-21
 - Fix CVE-2019-18853 CVE-2020-27755