diff --git a/fix-CVE-2024-33871.patch b/fix-CVE-2024-33871.patch
new file mode 100644
index 0000000000000000000000000000000000000000..111871531877c0362dbea73ca1fadf0681ff9f38
--- /dev/null
+++ b/fix-CVE-2024-33871.patch
@@ -0,0 +1,62 @@
+diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c
+index 70475ad..013a497 100644
+--- a/contrib/opvp/gdevopvp.c
++++ b/contrib/opvp/gdevopvp.c
+@@ -185,7 +185,7 @@ static  int opvp_copy_color(gx_device *, const byte *, int, int,
+ static  int _get_params(gs_param_list *);
+ static  int opvp_get_params(gx_device *, gs_param_list *);
+ static  int oprp_get_params(gx_device *, gs_param_list *);
+-static  int _put_params(gs_param_list *);
++static  int _put_params(gx_device *, gs_param_list *);
+ static  int opvp_put_params(gx_device *, gs_param_list *);
+ static  int oprp_put_params(gx_device *, gs_param_list *);
+ static  int opvp_fill_path(gx_device *, const gs_gstate *, gx_path *,
+@@ -3043,7 +3043,7 @@ _get_params(gs_param_list *plist)
+     /* vector driver name */
+     pname = "Driver";
+     vdps.data = (byte *)vectorDriver;
+-    vdps.size = (vectorDriver ? strlen(vectorDriver) + 1 : 0);
++    vdps.size = (vectorDriver ? strlen(vectorDriver) : 0);
+     vdps.persistent = false;
+     code = param_write_string(plist, pname, &vdps);
+     if (code) ecode = code;
+@@ -3180,7 +3180,7 @@ oprp_get_params(gx_device *dev, gs_param_list *plist)
+  * put params
+  */
+ static  int
+-_put_params(gs_param_list *plist)
++_put_params(gx_device *dev, gs_param_list *plist)
+ {
+     int code;
+     int ecode = 0;
+@@ -3202,6 +3202,12 @@ _put_params(gs_param_list *plist)
+     code = param_read_string(plist, pname, &vdps);
+     switch (code) {
+     case 0:
++        if (gs_is_path_control_active(dev->memory)
++            && (!vectorDriver || strlen(vectorDriver) != vdps.size
++                || memcmp(vectorDriver, vdps.data, vdps.size) != 0)) {
++            param_signal_error(plist, pname, gs_error_invalidaccess);
++            return_error(gs_error_invalidaccess);
++        }
+         buff = realloc(buff, vdps.size + 1);
+         memcpy(buff, vdps.data, vdps.size);
+         buff[vdps.size] = 0;
+@@ -3403,7 +3409,7 @@ opvp_put_params(gx_device *dev, gs_param_list *plist)
+     int code;
+ 
+     /* put params */
+-    code = _put_params(plist);
++    code = _put_params(dev, plist);
+     if (code) return code;
+ 
+     /* put default params */
+@@ -3419,7 +3425,7 @@ oprp_put_params(gx_device *dev, gs_param_list *plist)
+     int code;
+ 
+     /* put params */
+-    code = _put_params(plist);
++    code = _put_params(dev, plist);
+     if (code) return code;
+ 
+     /* put default params */
diff --git a/ghostscript.spec b/ghostscript.spec
index 32fe230e6c27c9148b34062e67f5fef20118eaae..eddb87d9c8eb9a8fb245a595d8adda2140ea8584 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -9,7 +9,7 @@
 
 Name:             ghostscript
 Version:          9.52
-Release:          15
+Release:          16
 Summary:          An interpreter for PostScript and PDF files
 License:          AGPLv3+
 URL:              https://ghostscript.com/
@@ -59,6 +59,7 @@ Patch40:  fix-CVE-2024-29510.patch
 Patch41:  fix-CVE-2024-33869.patch
 Patch42:  fix-CVE-2024-33870.patch
 Patch43: backport-CVE-2024-29508.patch
+Patch44:  fix-CVE-2024-33871.patch
 
 BuildRequires:    automake gcc
 BuildRequires:    adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@@ -219,6 +220,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 %{_bindir}/dvipdf
 
 %changelog
+* Tue Sep 24 2024 dillon chen <dillon.chen@gmail.com> - 9.52-16
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DECS: fix CVE-2024-33871
+
 * Fri Aug 16 2024 zhangxianting <zhangxianting@uniontech.com> - 9.52-15
 - Type:CVE
 - ID:NA