diff --git a/backport-CVE-2021-23437.patch b/backport-CVE-2021-23437.patch
new file mode 100644
index 0000000000000000000000000000000000000000..535dee308fdf964868508a3962eca6fb37196606
--- /dev/null
+++ b/backport-CVE-2021-23437.patch
@@ -0,0 +1,42 @@
+From 1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29 Mon Sep 17 00:00:00 2001
+From: Hugo van Kemenade
+Date: Mon, 23 Aug 2021 19:10:49 +0300
+Subject: [PATCH] Raise ValueError if color specifier is too long
+
+Conflict:NA
+Reference:https://github.com/python-pillow/Pillow/commit/1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29
+----
+ Tests/test_imagecolor.py | 9 +++++++++
+ src/PIL/ImageColor.py | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/Tests/test_imagecolor.py b/Tests/test_imagecolor.py
+index b5d6937965..dbe8b9e957 100644
+--- a/Tests/test_imagecolor.py
++++ b/Tests/test_imagecolor.py
+@@ -191,3 +191,12 @@ def test_rounding_errors():
+ assert (255, 255) == ImageColor.getcolor("white", "LA")
+ assert (163, 33) == ImageColor.getcolor("rgba(0, 255, 115, 33)", "LA")
+ Image.new("LA", (1, 1), "white")
++
++
++def test_color_too_long():
++ # Arrange
++ color_too_long = "hsl(" + "1" * 100 + ")"
++
++ # Act / Assert
++ with pytest.raises(ValueError):
++ ImageColor.getrgb(color_too_long)
+diff --git a/src/PIL/ImageColor.py b/src/PIL/ImageColor.py
+index 51df440403..25f92f2c73 100644
+--- a/src/PIL/ImageColor.py
++++ b/src/PIL/ImageColor.py
+@@ -32,6 +32,8 @@ def getrgb(color):
+ :param color: A color string
+ :return: ``(red, green, blue[, alpha])``
+ """
++ if len(color) > 100:
++ raise ValueError("color specifier is too long")
+ color = color.lower()
+
+ rgb = colormap.get(color, None)
diff --git a/python-pillow.spec b/python-pillow.spec
index fda606b4e3dee5083f913a4a38b93a5f2b9332a4..d86e049c5d6ac8e08c2fa82c1aab5b4173d7561e 100644
--- a/python-pillow.spec
+++ b/python-pillow.spec
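Review bot: The added `if len(color) > 100:` in getrgb (the src/PIL/ImageColor.py hunk of the embedded patch) introduces an unexplained magic limit, and the docstring just above it still lists only `:param` and `:return:` although the function now raises. I would comment the bound — `# bound input length before parsing; overlong specifiers are the CVE-2021-23437 trigger` (the CVE id is the one named by the patch file and the spec changelog; that the parsing below is regex-based is inferred from the upstream subject and should be confirmed against the rest of getrgb, which lies outside the hunk) — and add `:raises ValueError: if the specifier is longer than 100 characters` to the docstring. test_color_too_long only checks a 105-character `hsl(` string; asserting that a 100-character specifier is still parsed and a 101-character one is rejected would pin the boundary. A specifier of 100 characters or fewer still goes through the full parser, so the guard limits, rather than removes, the work an untrusted string can cause, which is worth stating in the comment.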
@@ -5,7 +5,7 @@
 Name: python-pillow
 Version: 8.1.2
-Release: 2
+Release: 3
 Summary: Python image processing library
 License: MIT
 URL: http://python-pillow.github.io/
@@ -28,6 +28,7 @@
 Patch6010: backport-Fix-Memory-DOS-in-ImageFont.patch
 Patch6011: backport-0001-CVE-2021-34552.patch
 Patch6012: backport-0002-CVE-2021-34552.patch
 Patch6013: backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch
+Patch6014: backport-CVE-2021-23437.patch
 Patch9000: backport-disable-test-sanity.patch
@@ -164,6 +165,9 @@ pytest --ignore=_build.python2 --ignore=_build.python3 --ignore=_build.pypy3 -v
 %{python3_sitearch}/PIL/__pycache__/ImageQt*
 %changelog
+* Mon Sep 27 2021 luoyang - 8.1.2-3
+- fix CVE-2021-23437
+
 * Thu Aug 19 2021 hanhui - 8.1.2-2
 - DESC: enable test case from setup.py