diff --git a/backport-CVE-2023-32324.patch b/backport-CVE-2023-32324.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c5c2672964ced0dd90174bf15cd040201ba2de8f
--- /dev/null
+++ b/backport-CVE-2023-32324.patch
@@ -0,0 +1,37 @@
+From fd8bc2d32589d1fd91fe1c0521be2a7c0462109e Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal
+Date: Thu, 1 Jun 2023 12:04:00 +0200
+Subject: [PATCH] cups/string.c: Return if `size` is 0 (fixes CVE-2023-32324)
+
+Reference:https://github.com/OpenPrinting/cups/commit/fd8bc2d32589d1fd91fe1c0521be2a7c0462109e
+Conflict:NA
+
+---
+ cups/string.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/cups/string.c b/cups/string.c
+index 93cdad1..5def888 100644
+--- a/cups/string.c
++++ b/cups/string.c
+@@ -1,6 +1,7 @@
+ /*
+ * String functions for CUPS.
+ *
++ * Copyright © 2023 by OpenPrinting.
+ * Copyright © 2007-2019 by Apple Inc.
+ * Copyright © 1997-2007 by Easy Software Products.
+ *
+@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */
+ size_t srclen; /* Length of source string */
+
+
++ if (size == 0)
++ return (0);
++
+ /*
+ * Figure out how much room is needed...
+ */
+--
+2.27.0
+
diff --git a/cups.spec b/cups.spec
index ddb04954f12ad8dec1228c65372ec7b6317d3789..f0971cc49b68f9fd6c24c29effef061bc106bd89 100644
--- a/cups.spec
+++ b/cups.spec
@@ -3,7 +3,7 @@
 Name: cups
 Epoch: 1
 Version: 2.4.0
-Release: 5
+Release: 6
 Summary: CUPS is the standards-based, open source printing system for linux operating systems.
 License: GPLv2+ and LGPLv2+ with exceptions and AML
 Url: https://openprinting.github.io/cups/
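Review bot: The new guard `if (size == 0) return (0);` in `_cups_strlcpy` has no comment saying why a zero-sized destination must be rejected, so a later cleanup could remove it as redundant. A zero `size` leaves no room even for the terminating nul, and the copy length computed in the part of the body outside this hunk is presumably bounded by `size`; I would put `/* No room even for the nul terminator - return before size is used to bound the copy (CVE-2023-32324) */` above the check. Returning 0 also leaves `dst` untouched and gives the caller no truncation signal, so it is worth confirming that the caller which reached this path with a zero remaining-space count stops appending once its buffer is full. The function's signature and the rest of its body lie outside the hunk.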
@@ -27,6 +27,7 @@ Patch10: cups-web-devices-timeout.patch Patch6000: backport-CVE-2022-26691.patch Patch6001: backport-Remove-legacy-code-for-RIP_MAX_CACHE-environment-variable.patch Patch6002: backport-Also-fix-cupsfilter.patch +Patch6003: backport-CVE-2023-32324.patch BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0) BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups @@ -448,6 +449,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog +* Sat Jun 3 2023 zhouwenpei - 1:2.4.0-6 +- fix CVE-2023-32324 + * Tue Feb 21 2023 zhouwenpei - 2.4.0-5 - fix update conflict of devel and help