diff --git a/CVE-2022-44267_CVE-2022-44268.patch b/CVE-2022-44267_CVE-2022-44268.patch
new file mode 100644
index 0000000000000000000000000000000000000000..330a5cea569936ddd31f9230010bb3c33df898e4
--- /dev/null
+++ b/CVE-2022-44267_CVE-2022-44268.patch
@@ -0,0 +1,30 @@
+From 3c5188b41902a909e163492fb0c19e49efefcefe Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sat, 22 Oct 2022 13:28:51 -0400
+Subject: [PATCH] possible DoS @ stdin (OCE-2022-70); possible arbitrary file
+ leak (OCE-2022-72)
+
+---
+ coders/png.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/coders/png.c b/coders/png.c
+index dae894d9c..887827636 100644
+--- a/coders/png.c
++++ b/coders/png.c
+@@ -3793,13 +3793,14 @@ static Image *ReadOnePNGImage(MngInfo *mng_info,
+              */
+             if (!png_get_valid(ping,ping_info,PNG_INFO_pHYs) ||
+                 (LocaleCompare(text[i].key,"density") != 0 &&
+-                LocaleCompare(text[i].key,"units") != 0))
++                 LocaleCompare(text[i].key,"units") != 0))
+               {
+                 char
+                   key[MaxTextExtent];
+ 
+                 (void) FormatLocaleString(key,MaxTextExtent,"%s",text[i].key);
+                 if ((LocaleCompare(key,"version") == 0) ||
++                    (LocaleCompare(key,"profile") == 0) ||
+                     (LocaleCompare(key,"width") == 0))
+                   (void) FormatLocaleString(key,MagickPathExtent,"png:%s",
+                     text[i].key);
diff --git a/ImageMagick.spec b/ImageMagick.spec
index 9b88b1261077b022a48ed180451097c99b5f0e25..4a481845f033e39ccaf6ddba5dbc7274e6f0c8ed 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -1,7 +1,7 @@
 Name:           ImageMagick
 Epoch:          1
 Version:        6.9.12.43
-Release:        4
+Release:        5
 Summary:        Create, edit, compose, or convert bitmap images
 License:        ImageMagick and MIT
 Url:            http://www.imagemagick.org/
@@ -12,6 +12,7 @@ Patch0002: CVE-2022-3213-pre1.patch
 Patch0003: CVE-2022-3213-pre2.patch
 Patch0004: CVE-2022-3213.patch
 Patch0005: CVE-2022-32547.patch
+Patch0006: CVE-2022-44267_CVE-2022-44268.patch
 
 
 BuildRequires:  bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
@@ -170,6 +171,9 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick++*
 
 %changelog
+* Thu Feb 09 2023 yaoxin <yaoxin30@h-partners.com> - 1:6.9.12.43-5
+- Fix CVE-2022-44267 and CVE-2022-44268
+
 * Tue Nov 22 2022 yaoxin <yaoxin30@h-partners.com> - 1:6.9.12.43-4
 - Fix CVE-2022-32547