diff --git a/CVE-2021-20298.patch b/CVE-2021-20298.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2098e39675bd8f5b7a46080991cada539823a9a8
--- /dev/null
+++ b/CVE-2021-20298.patch
@@ -0,0 +1,26 @@
+From 01d1b18611469470eb3a1016c970953c09312fd6 Mon Sep 17 00:00:00 2001
+From: mayp
+Date: Thu, 25 Aug 2022 17:13:53 +0800
+Subject: [PATCH] Changes to be committed: modified:
+ IlmImf/ImfB44Compressor.cpp
+
+---
+ IlmImf/ImfB44Compressor.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/IlmImf/ImfB44Compressor.cpp b/IlmImf/ImfB44Compressor.cpp
+index d9fec62..2b85ed0 100644
+--- a/IlmImf/ImfB44Compressor.cpp
++++ b/IlmImf/ImfB44Compressor.cpp
+@@ -492,7 +492,7 @@ B44Compressor::B44Compressor
+ //
+
+ _tmpBuffer = new unsigned short
+- [checkArraySize (uiMult (maxScanLineSize, numScanLines),
++ [checkArraySize (uiMult (maxScanLineSize / sizeof(unsigned short), numScanLines),
+ sizeof (unsigned short))];
+
+ const ChannelList &channels = header().channels();
+--
+2.33.0
+
diff --git a/OpenEXR.spec b/OpenEXR.spec
index 9411986430260d0890dd48c07d625af50018ebaa..f0b16a6124788833e778f188e5d4dbcbbf76eb62 100644
--- a/OpenEXR.spec
+++ b/OpenEXR.spec
@@ -1,7 +1,7 @@
 Name: OpenEXR
 Summary: A high dynamic-range (HDR) image file format for use in computer imaging applications
 Version: 2.2.0
-Release: 27
+Release: 28
 License: BSD
 URL: http://www.openexr.com/
 Source0: http://download.savannah.nongnu.org/releases/openexr/openexr-%{version}.tar.gz
@@ -38,6 +38,7 @@ Patch0025: CVE-2021-20302.patch
 #https://github.com/AcademySoftwareFoundation/openexr/commit/5a0adf1aba7d41c6b94ba167c0c4308d2eecfd17
 Patch0026: CVE-2021-3933.patch
 Patch0027: CVE-2021-20304.patch
+Patch0028: CVE-2021-20298.patch
 BuildConflicts: %{name}-devel < 2.2.0
 BuildRequires: gcc-c++ ilmbase-devel >= %{version} zlib-devel pkgconfig
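Review bot: The added CVE-2021-20298.patch gives no way to trace the backport: its Subject is leftover `git status` text (`Changes to be committed: modified: IlmImf/ImfB44Compressor.cpp`), and neither the patch nor the new `Patch0028` line in OpenEXR.spec names the upstream change it was taken from. I would put a source comment above `Patch0028`, in the style of the `#https://github.com/AcademySoftwareFoundation/openexr/commit/...` line that precedes `Patch0026`, for example `#<upstream commit URL for this fix>`, and reword the Subject to say that the `_tmpBuffer` element count is now computed from `maxScanLineSize / sizeof(unsigned short)`. On the code, that division rounds down, so the buffer would be undersized if `maxScanLineSize` can ever be odd; the B44Compressor constructor begins and ends outside the embedded hunk, so this cannot be checked here and should be confirmed against the code that fills `_tmpBuffer`.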
@@ -101,6 +102,9 @@ test "$(pkg-config --modversion OpenEXR)" = "%{version}"
 %{_libdir}/pkgconfig/OpenEXR.pc
 %changelog
+* Thu Aug 25 2022 mayp - 2.2.0-28
+- Fix CVE-2021-20298
+
 * Thu Aug 18 2022 mayp - 2.2.0-27
 - Fix CVE-2021-20304