diff --git a/CVE-2025-5473.patch b/CVE-2025-5473.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4efaa498e502f2cd3c09f1840086c08118aa8e21
--- /dev/null
+++ b/CVE-2025-5473.patch
@@ -0,0 +1,38 @@
+From c855d1df60ebaf5ef8d02807d448eb088f147a2b Mon Sep 17 00:00:00 2001
+From: Alx Sa
+Date: Sat, 3 May 2025 14:13:46 +0000
+Subject: [PATCH] plug-ins: ZDI-CAN-26752 mitigation
+
+Origin: https://gitlab.gnome.org/GNOME/gimp/-/commit/c855d1df60ebaf5ef8d02807d448eb088f147a2b
+
+Resolves #13910
+Since ICO can store PNGs, it's possible to create an
+icon that's much larger than the stated image size and
+cause a buffer overflow.
+This patch adds a check to make sure the width * height * 4
+calculation does not overflow in addition to making sure it
+doesn't exceed the maximum allowed size for that icon.
+---
+ plug-ins/file-ico/ico-load.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/plug-ins/file-ico/ico-load.c b/plug-ins/file-ico/ico-load.c
+index 9a222998bc1..818cf23cd31 100644
+--- a/plug-ins/file-ico/ico-load.c
++++ b/plug-ins/file-ico/ico-load.c
+@@ -299,7 +299,11 @@ ico_read_png (FILE *fp,
+ png_read_info (png_ptr, info);
+ png_get_IHDR (png_ptr, info, &w, &h, &bit_depth, &color_type,
+ NULL, NULL, NULL);
+- if (w*h*4 > maxsize)
++ /* Check for overflow */
++ if ((w * h * 4) < w ||
++ (w * h * 4) < h ||
++ (w * h * 4) < (w * h) ||
++ (w * h * 4) > maxsize)
+ {
+ png_destroy_read_struct (&png_ptr, &info, NULL);
+ return FALSE;
+--
+GitLab
+
diff --git a/gimp.spec b/gimp.spec
index 29a54e1c97ba1749d37d5cda25b11141a9f77e9f..f06a1d072f0055209204f9af8b7263248a98cea9 100644
--- a/gimp.spec
+++ b/gimp.spec
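Review bot: The three added `< w`, `< h` and `< (w * h)` comparisons in ico_read_png do not reliably detect wraparound of `w * h * 4`: an unsigned product that wraps can still be larger than each operand, so an oversized embedded PNG may still get past the `> maxsize` test. A division-based bound avoids computing the product at all, e.g. `if (w != 0 && h > (maxsize / 4) / w)`, which rejects exactly the cases where the true w*h*4 exceeds maxsize; GLib's checked-multiply helpers would be an alternative. The declarations of w, h and maxsize are outside the hunk, so this assumes they are unsigned 32-bit values as the png_get_IHDR call suggests. The function body also continues past the hunk, so any later use of the same product should get the same treatment.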
@@ -35,13 +35,14 @@ Name: gimp Version: 3.0.2 -Release: 1 +Release: 2 Epoch: 2 Summary: The GNU Image Manipulation Program License: GPL-3.0-or-later Group: Productivity/Graphics/Bitmap Editors URL: https://www.gimp.org/ Source: https://download.gimp.org/mirror/pub/gimp/v3.0/%{name}-%{version}.tar.xz +Patch0: CVE-2025-5473.patch BuildRequires: meson >= 0.61.0 BuildRequires: aalib-devel BuildRequires: babl-vala >= %{babl_version} @@ -521,6 +522,9 @@ install -D -m0644 macros.gimp %{buildroot}%{_rpmconfigdir}/macros.d/macros.gimp %dir %{_libdir}/gimp/%{api_version}/extensions/org.gimp.extension.goat-exercises/locale %changelog +* Wed Jun 11 2025 wangkai <13474090681@163.com> - 2:3.0.2-2 +- Fix CVE-2025-5473 + * Tue May 06 2025 Funda Wang - 2:3.0.2-1 - 3.0.2
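Review bot: The new `Patch0: CVE-2025-5473.patch` line only declares the patch; the %prep section is not part of this diff, so it is not visible here whether the patch is actually applied during the build. If %prep uses `%autosetup -p1` (or an equivalent) this is fine; if it uses plain `%setup`, an explicit `%patch -P0 -p1` is needed, otherwise the package would ship as 2:3.0.2-2 with a changelog claiming the CVE-2025-5473 fix while ico-load.c stays unpatched. Checking the build log for the patch being applied would confirm it.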