diff --git a/0001-cve-fix-CVE-2023-50255.patch b/0001-cve-fix-CVE-2023-50255.patch
new file mode 100644
index 0000000000000000000000000000000000000000..59be725dcc5c74f32330a358bf56ab06f1215ec7
--- /dev/null
+++ b/0001-cve-fix-CVE-2023-50255.patch
@@ -0,0 +1,28 @@
+From 94c4fc42a949e1674993927791fec8db1e99fe50 Mon Sep 17 00:00:00 2001
+From: zhuhongbo
+Date: Fri, 13 Dec 2024 15:23:50 +0800
+Subject: [PATCH] cve: fix CVE-2023-50255
+
+---
+ 3rdparty/libzipplugin/libzipplugin.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/3rdparty/libzipplugin/libzipplugin.cpp b/3rdparty/libzipplugin/libzipplugin.cpp
+index 280378f..93e8fda 100644
+--- a/3rdparty/libzipplugin/libzipplugin.cpp
++++ b/3rdparty/libzipplugin/libzipplugin.cpp
+@@ -741,6 +741,11 @@ ErrorType LibzipPlugin::extractEntry(zip_t *archive, zip_int64_t index, const Ex
+ }
+
+ strFileName = m_common->trans2uft8(statBuffer.name, m_mapFileCode[index]); // 解压文件名(压缩包中)
++ //fix CVE-2023-50255
++ if(strFileName.indexOf("../") != -1) {
++ qInfo() << "skipped ../ path component(s) in " << strFileName;
++ strFileName = strFileName.replace("../", "");
++ }
+ QString strOriginName = strFileName;
+
+ // 针对文件夹名称过长的情况,直接提示解压失败,文件夹名称过长
+--
+2.39.3
+
diff --git a/deepin-compressor.spec b/deepin-compressor.spec
index de36dd26474477e0e025866ffac1d23f821805d1..a6a6d307abb7159b8aacf665440f49f93e942a27 100644
--- a/deepin-compressor.spec
+++ b/deepin-compressor.spec
@@ -1,4 +1,4 @@
-%define specrelease 1
+%define specrelease 2
 Name: deepin-compressor
 Version: 5.12.13
@@ -7,6 +7,7 @@ Summary: A fast and lightweight application for creating and extracting a
 License: GPLv3+
 URL: https://github.com/linuxdeepin/deepin-devicemanager
 Source0: %{name}-%{version}.tar.gz
+Patch0001: 0001-cve-fix-CVE-2023-50255.patch
 BuildRequires: gcc-c++
 BuildRequires: cmake
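Review bot: The guard added in the libzipplugin.cpp hunk of the new patch file sanitizes the entry name by stripping `../` with one `QString::replace` pass instead of rejecting the entry, so the resulting name is still archive-controlled: a name in which a single removal leaves a fresh `../`, a bare `..` component, or an absolute name all pass through unchanged and are later joined to the destination, and the preceding `indexOf` test is redundant with `replace`. A containment check is the robust form: normalize with `QDir::cleanPath` and refuse any result that is absolute, equals `..`, or starts with `../`, returning the plugin's error rather than silently rewriting the name (add `#include <QDir>` if the file does not already have it). The `qInfo` line also echoes the raw archive-supplied name at info level; a rejected entry is better reported with `qWarning` and a fixed prefix so the untrusted string is clearly delimited in logs. `extractEntry` starts and ends outside this hunk, so the ErrorType value to return for a rejected entry has to be taken from the surrounding function; the spec hunks (release bump, `Patch0001` wiring, changelog) need no review.

```cpp
strFileName = m_common->trans2uft8(statBuffer.name, m_mapFileCode[index]); // 解压文件名(压缩包中)
// CVE-2023-50255: reject entries whose normalized name could leave the extraction directory.
// cleanPath collapses "a/../.." style sequences, so anything still absolute or
// beginning with ".." afterwards cannot be contained by the destination.
const QString cleanedName = QDir::cleanPath(strFileName);
if (QDir::isAbsolutePath(cleanedName) || cleanedName == ".."
    || cleanedName.startsWith("../")) {
    qWarning() << "refusing archive entry with unsafe path:" << strFileName;
    return PLACEHOLDER_UNSAFE_PATH_ERROR; // placeholder: the plugin's ErrorType for a rejected entry
}
// … unchanged: strOriginName assignment and long-name handling …
```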
@@ -90,6 +91,9 @@ echo "%{_libdir}/%{name}/plugins/" > %{buildroot}/%{_sysconfdir}/ld.so.conf.d/%{
 /sbin/ldconfig
 
 %changelog
+* Fri Dec 13 2024 zhuhongbo - 5.12.13-2
+- cve: fix CVE-2023-50255
+
 * Fri Jul 28 2023 leeffo - 5.12.13-1
 - upgrade to version 5.12.13