diff --git a/Fix-integer-overflow-when-comparing-schema-dates.patch b/Fix-integer-overflow-when-comparing-schema-dates.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a51ae7ed8f2b2423b66a43636926e06e5e715558
--- /dev/null
+++ b/Fix-integer-overflow-when-comparing-schema-dates.patch
@@ -0,0 +1,41 @@
+From 8e7c20a1af8776677d7890f30b7a180567701a49 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 3 Aug 2020 17:30:41 +0200
+Subject: Fix integer overflow when comparing schema dates
+
+Found by OSS-Fuzz.
+---
+ xmlschemastypes.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/xmlschemastypes.c b/xmlschemastypes.c
+index 4249d70..d6b9f92 100644
+--- a/xmlschemastypes.c
++++ b/xmlschemastypes.c
+@@ -3691,6 +3691,8 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y)
+ 	minday = 0;
+ 	maxday = 0;
+     } else {
++        if (myear > LONG_MAX / 366)
++            return -2;
+         /* FIXME: This doesn't take leap year exceptions every 100/400 years
+            into account. */
+ 	maxday = 365 * myear + (myear + 3) / 4;
+@@ -4079,6 +4081,14 @@ xmlSchemaCompareDates (xmlSchemaValPtr x, xmlSchemaValPtr y)
+     if ((x == NULL) || (y == NULL))
+         return -2;
+ 
++    if ((x->value.date.year > LONG_MAX / 366) ||
++        (x->value.date.year < LONG_MIN / 366) ||
++        (y->value.date.year > LONG_MAX / 366) ||
++        (y->value.date.year < LONG_MIN / 366)) {
++        /* Possible overflow when converting to days. */
++        return -2;
++    }
++
+     if (x->value.date.tz_flag) {
+ 
+         if (!y->value.date.tz_flag) {
+-- 
+1.8.3.1
+
diff --git a/libxml2.spec b/libxml2.spec
index 1265fc51efe7b760a3b60c16f8e5122125d596f9..de8e7333ce140c2e5ed0c05162d8626b3ec79eaf 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,7 +1,7 @@
 Summary: Library providing XML and HTML support
 Name: libxml2
 Version: 2.9.10
-Release: 6
+Release: 7
 License: MIT
 Group: Development/Libraries
 Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
@@ -33,6 +33,7 @@ Patch23:  Limit-regexp-nesting-depth.patch
 Patch24:  Fix-exponential-runtime-in-xmlFARecurseDeterminism.patch
 Patch25:  Fix-more-quadratic-runtime-issues-in-HTML-push-parse.patch
 Patch26:  Reset-HTML-parser-input-before-reporting-error.patch
+Patch27:  Fix-integer-overflow-when-comparing-schema-dates.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: python2-devel
@@ -224,6 +225,9 @@ rm -fr %{buildroot}
 
 
 %changelog
+* Thu Oct 15 2020 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 2.9.10-7
+- Fix CVE-2020-24977
+
 * Fri Aug 28 2020 zoulin <zoulin13@huawei.com> - 2.9.10-6
 - Fix more quadratic runtime issues in HTML push parse
 - Fix reset HTML parser input before reporting error