diff --git a/ghostscript-9.23-100-run-dvipdf-securely.patch b/ghostscript-9.23-100-run-dvipdf-securely.patch
new file mode 100644
index 0000000000000000000000000000000000000000..80b0b7daf0b3c753121ef6d0d380d992181464e2
--- /dev/null
+++ b/ghostscript-9.23-100-run-dvipdf-securely.patch
@@ -0,0 +1,22 @@
+From 91c9c6d17d445781ee572c281b8b9d75d96f9df8 Mon Sep 17 00:00:00 2001
+From: "David Kaspar [Dee'Kej]"
+Date: Fri, 7 Oct 2016 13:57:01 +0200
+Subject: [PATCH] Make sure 'dvipdf' is being run securely
+
+---
+ lib/dvipdf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/dvipdf b/lib/dvipdf
+index 802aeab..c92dfb0 100755
+--- a/lib/dvipdf
++++ b/lib/dvipdf
+@@ -43,4 +43,4 @@ fi
+
+ # We have to include the options twice because -I only takes effect if it
+ # appears before other options.
+-exec dvips -Ppdf $DVIPSOPTIONS -q -f "$infile" | $GS_EXECUTABLE $OPTIONS -q -P- -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile="$outfile" $OPTIONS -c .setpdfwrite -
++exec dvips -R -Ppdf $DVIPSOPTIONS -q -f "$infile" | $GS_EXECUTABLE $OPTIONS -q -P- -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile="$outfile" $OPTIONS -c .setpdfwrite -
+--
+2.14.3
+
diff --git a/ghostscript.spec b/ghostscript.spec
index 28fdcc3a849c7385dc9f44515557e7f9b6d8abf2..41be06b87afaf852fdac0572e67b5a5d31a95fc9 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -9,7 +9,7 @@
 
 Name: ghostscript
 Version: 9.27
-Release: 6
+Release: 7
 Summary: An interpreter for PostScript and PDF files
 License: AGPLv3+
 URL: https://ghostscript.com/
@@ -20,7 +20,7 @@ Patch0: CVE-2019-10216.patch
 Patch1: CVE-2019-14811-CVE-2019-14812-CVE-2019-14813.patch
 Patch2: CVE-2019-14817.patch
 Patch3: CVE-2019-14869.patch
-
+Patch4: ghostscript-9.23-100-run-dvipdf-securely.patch
 BuildRequires: automake gcc
 BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel
 BuildRequires: google-droid-sans-fonts urw-base35-fonts-devel
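Review bot: On the new `exec dvips -R -Ppdf $DVIPSOPTIONS ...` line the hard-coded `-R` comes before `$DVIPSOPTIONS`, so it acts as a default rather than an enforced setting if dvips honours a later option carried in that variable (for example a caller-supplied `-R0`). How `$DVIPSOPTIONS` is assembled lies outside the hunk, so this needs confirming against the option parsing earlier in the script. If secure mode is meant to be mandatory, either place the flag after the variable or reject a relaxing `-R` value when the options are parsed. The comment above the command only explains `-I`; a line such as `# -R: dvips secure mode, so \special commands in the DVI input cannot run shell commands.` would record why the flag is there.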
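Review bot: `Patch4:` is declared here but no hunk in this change touches `%prep`, so the patch only takes effect if the spec applies patches automatically (`%autosetup` or `%autopatch`). If `%prep` lists `%patchN` lines individually, a matching `%patch4 -p1` is missing and the package would ship without the dvips hardening; it is worth confirming from the build log that the patch is applied. As a style point, the added line replaces the blank line that separated the `Patch` list from `BuildRequires:`; keeping an empty line after `Patch4:` preserves the grouping.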
@@ -180,6 +180,12 @@ make check
 %{_bindir}/dvipdf
 
 %changelog
+* Wed Mar 18 2020 openEuler Buildteam - 9.27-7
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:add run dvipdf securely
+
 * Tue Jan 7 2020 chengquan - 9.27-6
 - Type:CVE
 - ID:NA