diff --git a/backport-CVE-2024-46955.patch b/backport-CVE-2024-46955.patch
new file mode 100644
index 0000000000000000000000000000000000000000..528b36db792272beba07470fa140917da934b1b3
--- /dev/null
+++ b/backport-CVE-2024-46955.patch
@@ -0,0 +1,60 @@
+From ca1fc2aefe9796e321d0589afe7efb35063c8b2a Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Fri, 30 Aug 2024 13:11:53 +0100
+Subject: [PATCH] PS interpreter - check Indexed colour space index
+
+Bug #707990 "Out of bounds read when reading color in "Indexed" color space"
+
+Check the 'index' is in the valid range (0 to hival) for the colour
+space.
+
+Also a couple of additional checks on the type of the 'proc' for
+Indexed, DeviceN and Separation spaces. Make sure these really are
+procs in case the user changed the colour space array.
+
+CVE-2024-46955
+---
+ psi/zcolor.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/psi/zcolor.c b/psi/zcolor.c
+index 373bc06..7c00033 100644
+--- a/psi/zcolor.c
++++ b/psi/zcolor.c
+@@ -3635,6 +3635,7 @@ static int septransform(i_ctx_t *i_ctx_p, ref *sepspace, int *usealternate, int
+         code = array_get(imemory, sepspace, 3, &proc);
+         if (code < 0)
+             return code;
++        check_proc(proc);
+         *esp = proc;
+         return o_push_estack;
+     }
+@@ -4457,6 +4458,7 @@ static int devicentransform(i_ctx_t *i_ctx_p, ref *devicenspace, int *usealterna
+         code = array_get(imemory, devicenspace, 3, &proc);
+         if (code < 0)
+             return code;
++		check_proc(proc);
+         *esp = proc;
+         return o_push_estack;
+     }
+@@ -4872,6 +4874,7 @@ static int indexedbasecolor(i_ctx_t * i_ctx_p, ref *space, int base, int *stage,
+             code = array_get(imemory, space, 3, &proc);
+             if (code < 0)
+                 return code;
++            check_proc(proc);
+             *ep = proc;	/* lookup proc */
+             return o_push_estack;
+         } else {
+@@ -4885,6 +4888,9 @@ static int indexedbasecolor(i_ctx_t * i_ctx_p, ref *space, int base, int *stage,
+             if (!r_has_type(op, t_integer))
+                 return_error (gs_error_typecheck);
+             index = op->value.intval;
++            /* Ensure it is in range. See bug #707990 */
++            if (index < 0 || index > pcs->params.indexed.hival)
++                return_error(gs_error_rangecheck);
+             /* And remove it from the stack. */
+             pop(1);
+             op = osp;
+-- 
+2.33.0
+
diff --git a/ghostscript.spec b/ghostscript.spec
index 2998844f997f4aef49e4668346ee3e892b77661a..5317a9b9f058509354f3deed3f95d1b87b242e14 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -9,7 +9,7 @@
 
 Name:             ghostscript
 Version:          9.52
-Release:          18
+Release:          19
 Summary:          An interpreter for PostScript and PDF files
 License:          AGPLv3+
 URL:              https://ghostscript.com/
@@ -62,6 +62,7 @@ Patch43: backport-CVE-2024-29508.patch
 Patch44:  fix-CVE-2024-33871.patch
 Patch45:  backport-CVE-2024-46953.patch
 Patch46:  backport-CVE-2024-46956.patch
+Patch47:  backport-CVE-2024-46955.patch
 
 BuildRequires:    automake gcc
 BuildRequires:    adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@@ -222,6 +223,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 %{_bindir}/dvipdf
 
 %changelog
+* Wed Oct 30 2024 liningjie <liningjie@xfusion.com> - 9.52-19
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DECS: Fix CVE-2024-46955
+
 * Fri Oct 25 2024 liningjie <liningjie@xfusion.com> - 9.52-18
 - Type:CVE
 - ID:NA