diff --git a/CVE-2022-45198.patch b/CVE-2022-45198.patch
new file mode 100644
index 0000000000000000000000000000000000000000..971d42a4f7a22c5371a4571884884906416f230e
--- /dev/null
+++ b/CVE-2022-45198.patch
@@ -0,0 +1,41 @@
+From 20c10c81927790c700480a67dc48aebe2228d6e2 Mon Sep 17 00:00:00 2001
+From: zhangshaoning
+Date: Sat, 6 May 2023 15:06:22 +0800
+Subject: [PATCH] CVE-2022-45198
+
+---
+ Tests/test_decompression_bomb.py | 5 +++++
+ src/PIL/GifImagePlugin.py | 1 +
+ 2 files changed, 6 insertions(+)
+
+diff --git a/Tests/test_decompression_bomb.py b/Tests/test_decompression_bomb.py
+index d918ef9..18fed06 100644
+--- a/Tests/test_decompression_bomb.py
++++ b/Tests/test_decompression_bomb.py
+@@ -62,6 +62,11 @@ class TestDecompressionBomb:
+ with Image.open("Tests/images/decompression_bomb.gif"):
+ pass
+
++ def test_exception_gif_extents(self):
++ with Image.open("Tests/images/decompression_bomb_extents.gif") as im:
++ with pytest.raises(Image.DecompressionBombError):
++ im.seek(1)
++
+ def test_exception_bmp(self):
+ with pytest.raises(Image.DecompressionBombError):
+ with Image.open("Tests/images/bmp/b/reallybig.bmp"):
+diff --git a/src/PIL/GifImagePlugin.py b/src/PIL/GifImagePlugin.py
+index 8c2180b..04b567a 100644
+--- a/src/PIL/GifImagePlugin.py
++++ b/src/PIL/GifImagePlugin.py
+@@ -247,6 +247,7 @@ class GifImageFile(ImageFile.ImageFile):
+ x1, y1 = x0 + i16(s, 4), y0 + i16(s, 6)
+ if x1 > self.size[0] or y1 > self.size[1]:
+ self._size = max(x1, self.size[0]), max(y1, self.size[1])
++ Image._decompression_bomb_check(self._size)
+ self.dispose_extent = x0, y0, x1, y1
+ flags = s[8]
+
+--
+2.20.1
+
diff --git a/decompression_bomb_extents.gif b/decompression_bomb_extents.gif
new file mode 100644
index 0000000000000000000000000000000000000000..0d5ff03f525904d4bc29e3b22f70b45eb1c2cba7
Binary files /dev/null and b/decompression_bomb_extents.gif differ
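Review bot: In the GifImagePlugin.py hunk of CVE-2022-45198.patch, the new `Image._decompression_bomb_check(self._size)` runs after `self._size` has already been enlarged, so when it raises `DecompressionBombError` the image object keeps the oversized dimensions for any caller that catches the error and keeps using the object. Checking a local first would avoid that: `new_size = max(x1, self.size[0]), max(y1, self.size[1])`, then `Image._decompression_bomb_check(new_size)`, then `self._size = new_size`. The enclosing method starts and ends outside the hunk, so whether later code reads `self._size` after a failed seek cannot be confirmed from here. A why-comment above the check would also help, for example `# frame extents can grow the canvas, so re-run the bomb check (CVE-2022-45198)`. Note too that the check depends on `Image.MAX_IMAGE_PIXELS`, so applications that set it to `None` get no protection from this patch.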
diff --git a/python-pillow.spec b/python-pillow.spec
index 512b034cc0cdd5d40bc49b7d37aa3d519aa8c8cd..0c7bff1b3a69b2b3448073727995668b2575542a 100644
--- a/python-pillow.spec
+++ b/python-pillow.spec
@@ -5,18 +5,20 @@
 Name: python-pillow
 Version: 9.0.1
-Release: 3
+Release: 4
 Summary: Python image processing library
 License: MIT
 URL: http://python-pillow.github.io/
 Source0: https://github.com/python-pillow/Pillow/archive/%{version}/Pillow-%{version}.tar.gz
 Source1: oom-225817ca0f8c663be7ab4b9e717b02c661e66834.tif
+# https://github.com/python-pillow/Pillow/blob/c9f1b35/Tests/images/decompression_bomb_extents.gif
+Source2: decompression_bomb_extents.gif
 Patch0000: python-pillow_spinxwarn.patch
 Patch0001: python-pillow_sphinx-issues.patch
 Patch0002: CVE-2022-45199.patch
-
-Patch6001: CVE-2023-44271.patch
+Patch0003: CVE-2023-44271.patch
+Patch0004: CVE-2022-45198.patch
 BuildRequires: freetype-devel ghostscript lcms2-devel libimagequant-devel libjpeg-devel libraqm-devel libtiff-devel
 BuildRequires: libwebp-devel openjpeg2-devel tk-devel zlib-devel python3-cffi python3-devel python3-numpy python3-olefile
@@ -95,6 +97,7 @@ Qt pillow image wrapper.
 %build
 cp %{SOURCE1} Tests/images/
+cp %{SOURCE2} Tests/images/
 %py3_build
@@ -149,6 +152,9 @@ popd
 %{python3_sitearch}/PIL/__pycache__/ImageQt*
 %changelog
+* Thu Dec 07 2023 wangkai <13474090681@163.com> - 9.0.1-4
+- Fix CVE-2022-45198
+
 * Tue Nov 14 2023 hanhuihui - 9.0.1-3
 - Type:CVE
 - ID:NA