diff --git a/ImageMagick.spec b/ImageMagick.spec
index ec7889c458d8760f17b22db27a44e1a09d45a638..9a4c3f0a64a95ac24737558deccbb6cf9080590c 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -1,12 +1,14 @@
 Name:           ImageMagick
 Epoch:          1
 Version:        6.9.12.43
-Release:        1
+Release:        2
 Summary:        Create, edit, compose, or convert bitmap images
 License:        ImageMagick and MIT
 Url:            http://www.imagemagick.org/
 Source0:        https://www.imagemagick.org/download/ImageMagick-6.9.12-43.tar.xz
 
+Patch0001: backport-fix-CVE-2022-1115.patch
+
 BuildRequires:  bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
 BuildRequires:  libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
 BuildRequires:  libgs-devel ghostscript-x11 libwmf-devel 
@@ -163,6 +165,9 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick++*
 
 %changelog
+* Mon Sep 5 2022 cenhuilin <cenhuilin@kylinos.cn> - 1:6.9.12.43-2
+- fix CVE-2022-1115
+
 * Tue May 17 2022 houyingchao <houyingchao@h-partners.com> - 6.9.12.43-1
 - Upgrade to 6.9.12.43 for fix CVE-2022-1114
 
diff --git a/backport-fix-CVE-2022-1115.patch b/backport-fix-CVE-2022-1115.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e158711fd1604b9572041098bb1fdf11ed3df801
--- /dev/null
+++ b/backport-fix-CVE-2022-1115.patch
@@ -0,0 +1,25 @@
+From e88576bc495951a1c08a6e9cdbc2121b4c9d8ac8 Mon Sep 17 00:00:00 2001
+From: cenhuilin <cenhuilin@kylinos.cn>
+Date: Mon, 5 Sep 2022 06:39:50 +0000
+Subject: [PATCH] heap-buffer-overflow in magick at quantum-private.h PushShortPixel
+
+---
+ coders/tiff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/tiff.c b/coders/tiff.c
+index 8fd1451..b4c94bb 100644
+--- a/coders/tiff.c
++++ b/coders/tiff.c
+@@ -1894,7 +1894,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
+         number_pixels=(MagickSizeType) columns*rows;
+         if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
+           ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
+-        extent=MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff));
++        extent=4*MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff));
+ #if defined(TIFF_VERSION_BIG)
+         extent+=image->columns*sizeof(uint64);
+ #else
+-- 
+2.33.0
+