diff --git a/CVE-2021-28429.patch b/CVE-2021-28429.patch
new file mode 100644
index 0000000..cf17204
--- /dev/null
+++ b/CVE-2021-28429.patch
@@ -0,0 +1,27 @@
+From 548bc2942ab160e852811bdb0499b5e226aa0d54 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Thu, 4 Jul 2024 15:03:12 +0800
+Subject: [PATCH] CVE-2021-28429
+
+---
+ libavutil/timecode.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libavutil/timecode.c b/libavutil/timecode.c
+index 60077ba..e34092f 100644
+--- a/libavutil/timecode.c
++++ b/libavutil/timecode.c
+@@ -96,8 +96,8 @@ char *av_timecode_make_string(const AVTimecode *tc, char *buf, int framenum)
+     }
+     ff = framenum % fps;
+     ss = framenum / fps        % 60;
+-    mm = framenum / (fps*60)   % 60;
+-    hh = framenum / (fps*3600);
++    mm = framenum / (fps*60LL) % 60;
++    hh = framenum / (fps*3600LL);
+     if (tc->flags & AV_TIMECODE_FLAG_24HOURSMAX)
+         hh = hh % 24;
+     snprintf(buf, AV_TIMECODE_STR_SIZE, "%s%02d:%02d:%02d%c%02d",
+-- 
+2.43.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index 33b017d..da4c47a 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        4.2.4
-Release:        13
+Release:        14
 License:        %{ffmpeg_license}
 URL:            http://ffmpeg.org/
 %if 0%{?date}
@@ -416,9 +416,12 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 
 
 %changelog
-* Thu Jul  3 2024 happyworker <208suo@208suo.com> - 4.2.4-13
+* Mon Jul  8 2024 happyworker <208suo@208suo.com> - 4.2.4-14
 - Fix CVE-2024-31585
 
+* Thu Jul  4 2024 happyworker <208suo@208suo.com> - 4.2.4-13
+- Fix CVE-2021-28429
+
 * Tue Jul  2 2024 happyworker <208suo@208suo.com> - 4.2.4-12
 - Fix CVE-2021-38171