diff --git a/CVE-2020-25665.patch b/CVE-2020-25665.patch
new file mode 100644
index 0000000000000000000000000000000000000000..90c7518e169492ba9df96b5e0488c0456a43697b
--- /dev/null
+++ b/CVE-2020-25665.patch
@@ -0,0 +1,40 @@
+From ca80e93cc887fb8971ceba2eead2c74e2b927df4 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Fri, 4 Oct 2019 18:19:20 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1714
+
+---
+ coders/palm.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/coders/palm.c b/coders/palm.c
+index 125bab8ff..4cd5522a4 100644
+--- a/coders/palm.c
++++ b/coders/palm.c
+@@ -779,7 +779,7 @@ static MagickBooleanType WritePALMImage(const ImageInfo *image_info,
+   {
+     (void) TransformImageColorspace(image,sRGBColorspace);
+     count=GetNumberColors(image,NULL,exception);
+-    for (bits_per_pixel=1;  (one << bits_per_pixel) < count; bits_per_pixel*=2) ;
++    for (bits_per_pixel=1; (one << bits_per_pixel) < count; bits_per_pixel*=2) ;
+     if (bits_per_pixel > 16)
+       bits_per_pixel=16;
+     else
+@@ -879,7 +879,7 @@ static MagickBooleanType WritePALMImage(const ImageInfo *image_info,
+     last_row=(unsigned char *) NULL;
+     if (image_info->compression == FaxCompression)
+       {
+-        last_row=(unsigned char *) AcquireQuantumMemory(bytes_per_row,
++        last_row=(unsigned char *) AcquireQuantumMemory(bytes_per_row+256,
+           sizeof(*last_row));
+         if (last_row == (unsigned char *) NULL)
+           {
+@@ -887,7 +887,7 @@ static MagickBooleanType WritePALMImage(const ImageInfo *image_info,
+             ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
+           }
+       }
+-    one_row=(unsigned char *) AcquireQuantumMemory(bytes_per_row,
++    one_row=(unsigned char *) AcquireQuantumMemory(bytes_per_row+256,
+       sizeof(*one_row));
+     if (one_row == (unsigned char *) NULL)
+       {
diff --git a/CVE-2020-25674.patch b/CVE-2020-25674.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f9325d40c477b1014d557160a5930c5083cd8196
--- /dev/null
+++ b/CVE-2020-25674.patch
@@ -0,0 +1,22 @@
+From 2fdff8e040cd4401498d89f3c3d1f89cffd118b0 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Fri, 4 Oct 2019 19:00:10 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1715
+
+---
+ coders/png.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/png.c b/coders/png.c
+index af50b863d..410741059 100644
+--- a/coders/png.c
++++ b/coders/png.c
+@@ -8790,7 +8790,7 @@ static MagickBooleanType WriteOnePNGImage(MngInfo *mng_info,
+          (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+              "        i    (red,green,blue,opacity)");
+ 
+-         for (i=0; i < 256; i++)
++         for (i=0; i < MagickMin(image->colors,256); i++)
+          {
+                (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+                    "        %d    (%d,%d,%d,%d)",
diff --git a/CVE-2020-27750.patch b/CVE-2020-27750.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f44d305db8255341da520a1abf39190eed2e7fc8
--- /dev/null
+++ b/CVE-2020-27750.patch
@@ -0,0 +1,26 @@
+From c7038e710ad0204d6cb37a0229fc55f6f8a8662f Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Thu, 3 Oct 2019 17:39:55 -0400
+Subject: [PATCH] ://github.com/ImageMagick/ImageMagick/issues/1711
+
+---
+ magick/colorspace-private.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/magick/colorspace-private.h b/magick/colorspace-private.h
+index 652e44547..090723756 100644
+--- a/magick/colorspace-private.h
++++ b/magick/colorspace-private.h
+@@ -75,9 +75,9 @@ static inline void ConvertRGBToCMYK(MagickPixelPacket *pixel)
+     black=magenta;
+   if (yellow < black)
+     black=yellow;
+-  cyan=(MagickRealType) ((cyan-black)/(1.0-black));
+-  magenta=(MagickRealType) ((magenta-black)/(1.0-black));
+-  yellow=(MagickRealType) ((yellow-black)/(1.0-black));
++  cyan=(MagickRealType) (PerceptibleReciprocal(1.0-black)*(cyan-black));
++  magenta=(MagickRealType) (PerceptibleReciprocal(1.0-black)*(magenta-black));
++  yellow=(MagickRealType) (PerceptibleReciprocal(1.0-black)*(yellow-black));
+   pixel->colorspace=CMYKColorspace;
+   pixel->red=QuantumRange*cyan;
+   pixel->green=QuantumRange*magenta;
diff --git a/ImageMagick.spec b/ImageMagick.spec
index dfedce412953db6768ac6fbd5635bd7f9dce9622..8e71a59e10610039df88b06e8252d7f531bb5554 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -1,7 +1,7 @@
 Name:           ImageMagick
 Epoch:          1
 Version:        6.9.10.67
-Release:        14
+Release:        15
 Summary:        Create, edit, compose, or convert bitmap images
 License:        ImageMagick and MIT
 Url:            http://www.imagemagick.org/
@@ -38,6 +38,9 @@ Patch0028:      CVE-2020-27773.patch
 Patch0029:      CVE-2020-27768-pre1.patch
 Patch0030:      CVE-2020-27768-pre2.patch
 Patch0031:      CVE-2020-27768.patch
+Patch0032:      CVE-2020-27750.patch
+Patch0033:      CVE-2020-25665.patch
+Patch0034:      CVE-2020-25674.patch
 
 BuildRequires:  bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
 BuildRequires:  libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@@ -195,6 +198,9 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick++*
 
 %changelog
+* Mon Mar 8 2021 zhanghua <zhanghua40@huawei.com> - 6.9.10.67-15
+- Fix CVE-2020-27750 CVE-2020-25665 CVE-2020-25674
+
 * Wed Mar 03 2021 wangyue <wangyue92@huawei.com> - 6.9.10.67-14
 - Fix CVE-2020-27768