diff --git a/CVE-2022-3109.patch b/CVE-2022-3109.patch
new file mode 100644
index 0000000..bdf06d0
--- /dev/null
+++ b/CVE-2022-3109.patch
@@ -0,0 +1,31 @@
+From ae0ca68362ee76165de00024e1454d2e3513eced Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
+Date: Wed, 26 Jun 2024 17:54:07 +0800
+Subject: [PATCH] CVE-2022-3109
+
+---
+ libavcodec/vp3.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
+index a2bd2ef..0c62731 100644
+--- a/libavcodec/vp3.c
++++ b/libavcodec/vp3.c
+@@ -2740,8 +2740,13 @@ static int vp3_decode_frame(AVCodecContext *avctx,
+     if (ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF) < 0)
+         goto error;
+ 
+-    if (!s->edge_emu_buffer)
++    if (!s->edge_emu_buffer) {
+         s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
++	if (!s->edge_emu_buffer) {
++            ret = AVERROR(ENOMEM);
++            goto error;
++        }
++    }
+ 
+     if (s->keyframe) {
+         if (!s->theora) {
+-- 
+2.43.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index d15c5c7..5c28d1f 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        4.2.4
-Release:        10
+Release:        11
 License:        %{ffmpeg_license}
 URL:            http://ffmpeg.org/
 %if 0%{?date}
@@ -79,8 +79,9 @@ Patch6:         CVE-2024-31578.patch
 Patch7:         CVE-2023-51794.patch
 Patch8:         fix-CVE-2023-51798.patch
 Patch9:         CVE-2022-3341.patch
-Patch10:        fix-CVE-2023-51793.patch
-Patch11:        fix-CVE-2023-50010.patch
+Patch10:        CVE-2022-3109.patch
+Patch11:        fix-CVE-2023-51793.patch
+Patch12:        fix-CVE-2023-50010.patch
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
 %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@@ -413,12 +414,15 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 
 
 %changelog
-* Tue Jul 02 2024 happyworker <208suo@208suo.com> - 4.2.4-10
+* Tue Jul 02 2024 happyworker <208suo@208suo.com> - 4.2.4-11
 - Fix CVE-2023-50010
 
-* Tue Jul 02 2024 happyworker <208suo@208suo.com> - 4.2.4-9
+* Tue Jul 02 2024 happyworker <208suo@208suo.com> - 4.2.4-10
 - Fix CVE-2023-51793
 
+* Wed Jun 26 2024 happyworker <208suo@208suo.com> - 4.2.4-9
+- Fix CVE-2022-3109
+
 * Tue Jun 25 2024 happyworker <208suo@208suo.com> - 4.2.4-8
 - Fix CVE-2022-3341
 
@@ -431,7 +435,7 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 * Wed May 01 2024 cenhuilin <cenhuilin@kylinos.cn> - 4.2.4-5
 - fix CVE-2024-31578
 
-* Tue May 24 2022 yangweidong <yangweidong9@huawei.com> - 4.2.4-4
+* Thu Jun 2 2022 yangweidong <yangweidong9@huawei.com> - 4.2.4-4
 - Fix CVE-2021-38114 and CVE-2020-35964
 
 * Sat Sep 04 2021 guoxiaoqi <guoxiaoqi2@huawei.com> - 4.2.4-3