diff --git a/Bugfix-for-CVE-2024-33871.patch b/Bugfix-for-CVE-2024-33871.patch
new file mode 100644
index 0000000000000000000000000000000000000000..195eecf29ecc34aaa5e6c05e3745c5d16db934ff
--- /dev/null
+++ b/Bugfix-for-CVE-2024-33871.patch
@@ -0,0 +1,29 @@
+From 6afe688e06ca700dd4f187a80777eb1947a534a5 Mon Sep 17 00:00:00 2001
+From: root <root@hebei.10.60.in-addr.arpa>
+Date: Thu, 11 Jul 2024 16:36:21 +0800
+Subject: [PATCH] Bugfix for CVE-2024-33871
+
+---
+ contrib/opvp/gdevopvp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c
+index 74200cf..80eb23b 100644
+--- a/contrib/opvp/gdevopvp.c
++++ b/contrib/opvp/gdevopvp.c
+@@ -3198,6 +3198,12 @@ _put_params(gx_device *dev, gs_param_list *plist)
+     code = param_read_string(plist, pname, &vdps);
+     switch (code) {
+     case 0:
++        if (gs_is_path_control_active(dev->memory)
++            && (!opdev->globals.vectorDriver || strlen(opdev->globals.vectorDriver) != vdps.size
++                || memcmp(opdev->globals.vectorDriver, vdps.data, vdps.size) != 0)) {
++            param_signal_error(plist, pname, gs_error_invalidaccess);
++            return_error(gs_error_invalidaccess);
++        }
+         buff = realloc(buff, vdps.size + 1);
+         memcpy(buff, vdps.data, vdps.size);
+         buff[vdps.size] = 0;
+-- 
+2.27.0
+
diff --git a/ghostscript.spec b/ghostscript.spec
index 6b91718d1f4690edb1d4fa1841cb19922b6fa966..f9dd6d87eefca7a98c55c77d20ef520ce949cc26 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -34,7 +34,7 @@
 Name:             ghostscript
 Summary:          Interpreter for PostScript language & PDF
 Version:          9.25
-Release:          5%{?dist}
+Release:          5%{?dist}.01
 
 License:          AGPLv3+
 
@@ -112,7 +112,7 @@ Patch018: ghostscript-cve-2019-14869.patch
 # ------------------
 Patch100: ghostscript-9.23-100-run-dvipdf-securely.patch
 Patch101: ghostscript-9.25-101-reenable-cups-filters.patch
-
+Patch102: Bugfix-for-CVE-2024-33871.patch
 
 # Downstream patches for RHEL -- patches that we keep only in RHEL for various
 # ---------------------------    reasons, but are not enabled in Fedora:
@@ -430,6 +430,9 @@ install -m 0755 -d %{buildroot}%{_sysconfdir}/%{name}/
 # =============================================================================
 
 %changelog
+* Fri Sep 20 2024 zhuhongbo <zhuhongbo@uniontech.com> - 9.25-5.01
+- fix: Bugfix-for-CVE-2024-33871.patch
+
 * Tue Mar 31 2020 Zdenek Dohnal <zdohnal@redhat.com> - 9.25-5
 - 1812284 - ghostscript fontconfig support broken when gs used with -dSAFER/-dPARANOIDSAFER