diff --git a/backport-CVE-2025-27830.patch b/backport-CVE-2025-27830.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f7bfe22f390e198d0ecbb30cf857bbca02f873f8
--- /dev/null
+++ b/backport-CVE-2025-27830.patch
@@ -0,0 +1,55 @@
+Backport of:
+
+From 8474e1d6b896e35741d3c608ea5c21deeec1078f Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Mon, 13 Jan 2025 09:15:01 +0000
+Subject: Bug 708241: Fix potential Buffer overflow with DollarBlend
+
+During serializing a multiple master font for passing to Freetype.
+
+Use CVE-2025-27830
+---
+ base/write_t1.c | 9 +++++----
+ psi/zfapi.c     | 9 +++++++--
+ 2 files changed, 12 insertions(+), 6 deletions(-)
+
+--- a/base/write_t1.c
++++ b/base/write_t1.c
+@@ -454,6 +454,7 @@ write_main_dictionary(gs_fapi_font * a_f
+     WRF_wbyte(a_fapi_font->memory, a_output, '\n');
+     if (is_MM_font(a_fapi_font)) {
+         short x, x2;
++        unsigned short ux;
+         float x1;
+         uint i, j, entries;
+         char Buffer[255];
+@@ -548,14 +549,14 @@ write_main_dictionary(gs_fapi_font * a_f
+          * be because the "get_proc" method below was missing the code to handle PS name
+          * objects.
+          */
+-        if ((x =
++        if ((ux =
+              a_fapi_font->get_word(a_fapi_font,
+                                    gs_fapi_font_feature_DollarBlend_length,
+                                    0)) > 0) {
+             WRF_wstring(a_fapi_font->memory, a_output, "/$Blend {");
+ 
+             if (a_output->m_count)
+-                a_output->m_count += x;
++                a_output->m_count += ux;
+             x = a_fapi_font->get_proc(a_fapi_font,
+                                       gs_fapi_font_feature_DollarBlend, 0,
+                                       (char *)a_output->m_pos);
+--- a/psi/zfapi.c
++++ b/psi/zfapi.c
+@@ -618,6 +618,10 @@ FAPI_FF_get_word(gs_fapi_font *ff, gs_fa
+                         default:
+                             break;
+                     }
++
++                    if (length > max_ushort) {
++                        return 0;
++                    }
+                 }
+                 return length;
+             }
diff --git a/ghostscript.spec b/ghostscript.spec
index 02167a66fdaf43af96750f070084e8e77403d897..d56c4bd9c9b9b58f45d6d135ffd8a40d5321bb18 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -9,7 +9,7 @@
 
 Name:             ghostscript
 Version:          9.52
-Release:          21
+Release:          22
 Summary:          An interpreter for PostScript and PDF files
 License:          AGPLv3+
 URL:              https://ghostscript.com/
@@ -64,9 +64,10 @@ Patch45:  backport-CVE-2024-46953.patch
 Patch46:  backport-CVE-2024-46956.patch
 Patch47:  backport-CVE-2024-46955.patch
 Patch48:  backport-CVE-2024-46951.patch
-Patch49:  backport-CVE-2025-27832.patch
-Patch50:  backport-CVE-2025-27835.patch
-Patch60:  backport-CVE-2025-27836.patch
+Patch49:  backport-CVE-2025-27830.patch
+Patch50:  backport-CVE-2025-27832.patch
+Patch51:  backport-CVE-2025-27835.patch
+Patch52:  backport-CVE-2025-27836.patch
 
 BuildRequires:    automake gcc
 BuildRequires:    adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@@ -227,6 +228,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 %{_bindir}/dvipdf
 
 %changelog
+* Tue Apr 01 2025 Funda Wang <fundawang@yeah.net> - 9.52-22
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DECS: Fix CVE-2025-27830
+
 * Thu Mar 27 2025 Funda Wang <fundawang@yeah.net> - 9.52-21
 - Type:CVE
 - ID:NA