diff --git a/CVE-2022-3755.patch b/CVE-2022-3755.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9d40f8eca1a4738eca6cef562849b6f3e1bcef05
--- /dev/null
+++ b/CVE-2022-3755.patch
@@ -0,0 +1,28 @@
+From 789ec5408f885709eef0a820416658b6e3882c0c Mon Sep 17 00:00:00 2001
+From: qz_cx <wangqingzheng@kylinos.cn>
+Date: Mon, 31 Oct 2022 15:13:45 +0800
+Subject: [PATCH] Credit to
+ OSS-Fuzz:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382
+
+Avoid null pointer deref #2384
+ Merged
+kevinbackhouse merged 2 commits into Exiv2
+---
+ src/quicktimevideo.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/quicktimevideo.cpp b/src/quicktimevideo.cpp
+index 335d884..ef1a6e5 100644
+--- a/src/quicktimevideo.cpp
++++ b/src/quicktimevideo.cpp
+@@ -915,6 +915,7 @@ namespace Exiv2 {
+             }
+ 
+             else if(equalsQTimeTag(buf, "CMbo") || equalsQTimeTag(buf, "Cmbo")) {
++		enforce(tv, Exiv2::ErrorCode::kerCorruptedMetadata);
+                 io_->read(buf.pData_, 2);
+                 buf.pData_[2] = '\0' ;
+                 tv_internal = find(cameraByteOrderTags, Exiv2::toString( buf.pData_));
+-- 
+2.33.0
+
diff --git a/CVE-2022-3756.patch b/CVE-2022-3756.patch
new file mode 100644
index 0000000000000000000000000000000000000000..90618e6a4bd4d28b902650a0fee30cf591d92094
--- /dev/null
+++ b/CVE-2022-3756.patch
@@ -0,0 +1,30 @@
+From be374cc6cd51906eaacc7a4f77c9ac37ea7c69c7 Mon Sep 17 00:00:00 2001
+From: qz_cx <wangqingzheng@kylinos.cn>
+Date: Mon, 31 Oct 2022 14:29:31 +0800
+Subject: [PATCH] Avoid potential integer overflow.
+
+Merge pull request #2347 from kevinbackhouse/quicktimevideo-size-calc
+
+Avoid potential integer overflow in QuickTimeVideo::userDataDecoder
+@kevinbackhouse
+kevinbackhouse committed on 7 Sep
+---
+ src/quicktimevideo.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/quicktimevideo.cpp b/src/quicktimevideo.cpp
+index 335d884..9b80947 100644
+--- a/src/quicktimevideo.cpp
++++ b/src/quicktimevideo.cpp
+@@ -895,7 +895,7 @@ namespace Exiv2 {
+ 
+             tv = find(userDataReferencetags, Exiv2::toString( buf.pData_));
+ 
+-            if(size == 0 || (size - 12) <= 0)
++	    if (size <= 12)
+                 break;
+ 
+             else if(equalsQTimeTag(buf, "DcMD")  || equalsQTimeTag(buf, "NCDT"))
+-- 
+2.33.0
+
diff --git a/exiv2.spec b/exiv2.spec
index 7a8043a48124219e0667eb8f923737d01e6450fc..913883bb93307ec41f400de648a0ab2530ec2ce2 100644
--- a/exiv2.spec
+++ b/exiv2.spec
@@ -1,10 +1,12 @@
 Name:    exiv2
 Version: 0.27.5
-Release: 2
+Release: 3
 Summary: Exif, IPTC and XMP metadata and the ICC Profile
 License: GPLv2+
 URL:     http://www.exiv2.org/
 Source0: https://github.com/Exiv2/exiv2/archive/refs/tags/v%{version}.tar.gz
+Patch0001:  CVE-2022-3755.patch
+Patch0002:  CVE-2022-3756.patch
 
 Provides: exiv2-libs
 Obsoletes: exiv2-libs
@@ -76,6 +78,9 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
 %{_pkgdocdir}/
 
 %changelog
+* Thu Nov 10 2022 jiangpeng <jiangpeng01@ncti-gba.cn> - 0.27.5-3
+- Fix CVE-2022-3755 CVE-2022-3756
+
 * Tue Oct 18 2022 yaoxin <yaoxin30@h-partners.com> - 0.27.5-2
 - Remove rpath