diff --git a/CVE-2023-37328.patch b/CVE-2023-37328.patch
new file mode 100644
index 0000000000000000000000000000000000000000..70e41ae58c34a48ff58b9423f20cb6fb5b58c152
--- /dev/null
+++ b/CVE-2023-37328.patch
@@ -0,0 +1,25 @@
+From 0f60d9439839dd2a61f74dea6148afad9af4c8a6 Mon Sep 17 00:00:00 2001
+From: technology208 <technology@208suo.com>
+Date: Thu, 14 Mar 2024 23:31:14 +0800
+Subject: [PATCH] Create Path
+
+---
+ gst/subparse/gstsubparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
+index 4254158..7b44307 100644
+--- a/gst/subparse/gstsubparse.c
++++ b/gst/subparse/gstsubparse.c
+@@ -814,7 +814,7 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
+     }
+ 
+     if (*next_tag == '<' && *(next_tag + 1) == '/') {
+-      end_tag = strchr (cur, '>');
++      end_tag = strchr (end_tag, '>');
+       if (end_tag) {
+         const gchar *last = NULL;
+         if (num_open_tags > 0)
+-- 
+2.33.0
+
diff --git a/gstreamer1-plugins-base.spec b/gstreamer1-plugins-base.spec
index 80d3c5abe8ec28dc3edf6a6f077d2783a726a18a..bfe48368dc1d176024e2bddca07ec5db921f5c73 100644
--- a/gstreamer1-plugins-base.spec
+++ b/gstreamer1-plugins-base.spec
@@ -3,7 +3,7 @@
 
 Name:            gstreamer1-plugins-base
 Version:         1.16.2
-Release:         2
+Release:         3
 Summary:         GStreamer streaming media framework base plugins
 License:         LGPLv2+
 URL:             http://gstreamer.freedesktop.org/
@@ -13,6 +13,7 @@ Patch0:         0001-missing-plugins-Remove-the-mpegaudioversion-field.patch
 Patch1:         Adapt-to-backwards-incompatible-change-in-GUN.patch
 
 Patch6000:      backport-CVE-2021-3522.patch
+Patch6001:      CVE-2023-37328.patch
 
 BuildRequires:  gcc-c++ gstreamer1-devel >= %{version} gobject-introspection-devel >= 1.31.1 iso-codes-devel alsa-lib-devel
 BuildRequires:  cdparanoia-devel libogg-devel >= 1.0 libtheora-devel >= 1.1 libvisual-devel libvorbis-devel >= 1.0 libXv-devel
@@ -52,6 +53,8 @@ This package provides manual for developpers.
 %patch0 -p1
 %patch1 -p1
 %patch6000 -p1
+%patch6001 -p1
+
 
 %build
 NOCONFIGURE=1 \
@@ -273,6 +276,9 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -fv {} ';'
 %{_mandir}/man1/gst-device-monitor-*.gz
 
 %changelog
+* Fri Mar 15 2024 technology208 <technology@208suo.com> - 1.16.2-3
+- fix CVE-2023-37328
+
 * Fri Mar 18 2022 dongyuzhen <dongyuzhen@h-partners.com> - 1.16.2-2
 - fix CVE-2021-3522