diff --git a/CVE-2021-29623.patch b/CVE-2021-29623.patch
new file mode 100644
index 0000000000000000000000000000000000000000..427745e1053189ac9d442e0f938ddfded111ee03
--- /dev/null
+++ b/CVE-2021-29623.patch
@@ -0,0 +1,26 @@
+From 0f9eb74c44c908e170a64cab590949d53749af8e Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse
+Date: Tue, 11 May 2021 12:14:33 +0100
+Subject: [PATCH] Use readOrThrow to check error conditions of iIo.read().
+
+---
+ src/webpimage.cpp | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/webpimage.cpp b/src/webpimage.cpp
+index 7c64ff3d7..ca26e514a 100644
+--- a/src/webpimage.cpp
++++ b/src/webpimage.cpp
+@@ -754,9 +754,9 @@ namespace Exiv2 {
+ byte webp[len];
+ byte data[len];
+ byte riff[len];
+- iIo.read(riff, len);
+- iIo.read(data, len);
+- iIo.read(webp, len);
++ readOrThrow(iIo, riff, len, Exiv2::kerCorruptedMetadata);
++ readOrThrow(iIo, data, len, Exiv2::kerCorruptedMetadata);
++ readOrThrow(iIo, webp, len, Exiv2::kerCorruptedMetadata);
+ bool matched_riff = (memcmp(riff, RiffImageId, len) == 0);
+ bool matched_webp = (memcmp(webp, WebPImageId, len) == 0);
+ iIo.seek(-12, BasicIo::cur);
diff --git a/exiv2.spec b/exiv2.spec
index 5ef5edb0fd337f021473f85b0dd3546546151f6a..95985cd3dd014ae40ce11df44dceecee19acea00 100644
--- a/exiv2.spec
+++ b/exiv2.spec
@@ -1,6 +1,6 @@
 Name: exiv2
 Version: 0.26
-Release: 26
+Release: 27
 Summary: Exif, IPTC and XMP metadata and the ICC Profile
 License: GPLv2+
 URL: http://www.exiv2.org/
@@ -67,6 +67,7 @@ Patch6034: backport-0002-CVE-2021-29463.patch
 Patch6035: backport-CVE-2021-29464.patch
 Patch6036: backport-CVE-2021-29463.patch
 Patch6037: backport-CVE-2021-29473.patch
+Patch6038: CVE-2021-29623.patch
 
 Provides: exiv2-libs
 Obsoletes: exiv2-libs
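Review bot: The three replacement lines call `readOrThrow(iIo, ..., Exiv2::kerCorruptedMetadata)`, but nothing in the added patch introduces that helper or error code, so on this 0.26 tree it builds only if an earlier backport (presumably one of the Patch6034–6037 CVE-2021-29463/29464/29473 patches in the spec) already provides them; the inner `index 7c64ff3d7..ca26e514a` line refers to upstream blobs, so the build log is the only confirmation that the symbols resolve. It would help to record that prerequisite in the patch description, e.g. after the Subject line: `Backport to 0.26; relies on readOrThrow() introduced by the CVE-2021-29463 backport.` The return value of `iIo.seek(-12, BasicIo::cur)` on the last context line is still ignored; that is outside what this commit changes, but a failed seek after a short read is silently swallowed there and is worth a follow-up. The enclosing function starts and ends outside the hunk.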
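Review bot: `Patch6038: CVE-2021-29623.patch` is declared, but the hunk does not show how patches are applied; if %prep uses explicit `%patchNNNN -p1` lines rather than `%autosetup -p1`, a matching `%patch6038 -p1` line is also needed or the fix is never applied. The %prep section is outside this diff, so this is inferred; checking the prepped source for the readOrThrow calls would confirm it. The new entry also drops the `backport-` prefix used by the neighbouring Patch6035–6037 entries; `Patch6038: backport-CVE-2021-29623.patch` (with the file renamed to match) would keep the list consistent.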
@@ -130,6 +131,12 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
 %{_datadir}/doc/html/
 
 %changelog
+* Wed May 26 2021 zhaomengchao - 0.26-27
+- Type:cves
+- ID:CVE-2021-29623
+- SUG:NA
+- DESC:fix CVE-2021-29623
+
 * Wed May 12 2021 wangkerong - 0.26-26
 - Type:cves
 - ID:CVE-2021-29464 CVE-2021-29463 CVE-2021-29473