diff --git a/CVE-2020-36430.patch b/CVE-2020-36430.patch
new file mode 100644
index 0000000..7812f6a
--- /dev/null
+++ b/CVE-2020-36430.patch
@@ -0,0 +1,40 @@
+From 017137471d0043e0321e377ed8da48e45a3ec632 Mon Sep 17 00:00:00 2001
+From: Oleg Oshmyan
+Date: Tue, 27 Oct 2020 15:46:04 +0200
+Subject: [PATCH] decode_font: fix subtraction broken by change to unsigned
+ type
+
+This caused a one-byte buffer overwrite and an assertion failure.
+
+Regression in commit 910211f1c0078e37546f73e95306724358b89be2.
+
+Discovered by OSS-Fuzz.
+
+Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674.
+Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26678.
+---
+ libass/ass.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libass/ass.c b/libass/ass.c
+index 428a332ff..5be09a7cf 100644
+--- a/libass/ass.c
++++ b/libass/ass.c
+@@ -857,7 +857,7 @@ static int decode_font(ASS_Track *track)
+ ass_msg(track->library, MSGL_ERR, "Bad encoded data size");
+ goto error_decode_font;
+ }
+- buf = malloc(size / 4 * 3 + FFMAX(size % 4 - 1, 0));
++ buf = malloc(size / 4 * 3 + FFMAX(size % 4, 1) - 1);
+ if (!buf)
+ goto error_decode_font;
+ q = buf;
+@@ -871,7 +871,7 @@ static int decode_font(ASS_Track *track)
+ q = decode_chars(p, q, 3);
+ }
+ dsize = q - buf;
+- assert(dsize == size / 4 * 3 + FFMAX(size % 4 - 1, 0));
++ assert(dsize == size / 4 * 3 + FFMAX(size % 4, 1) - 1);
+
+ if (track->library->extract_fonts) {
+ ass_add_font(track->library, track->parser_priv->fontname,
diff --git a/libass.spec b/libass.spec
index b6c61e3..0240fcf 100644
--- a/libass.spec
+++ b/libass.spec
@@ -1,6 +1,6 @@
 Name: libass
 Version: 0.15.0
-Release: 1
+Release: 2
 Summary: Portable subtitle renderer for the ASS/SSA subtitle format
 License: ISC
 URL: https://github.com/libass
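Review bot: The corrected allocation size `size / 4 * 3 + FFMAX(size % 4, 1) - 1` is cross-checked against the bytes actually written only by the `assert(dsize == ...)` in the second hunk, and that assert is compiled out under NDEBUG, so in a release build a mismatch between the allocation and the decode loop (which sits between the two hunks, outside the patch) would go unnoticed — which is the very one-byte overwrite this patch fixes. A runtime guard alongside the assert would keep the invariant enforced in production, e.g. `if (dsize != size / 4 * 3 + FFMAX(size % 4, 1) - 1) goto error_decode_font;`, though whether that error path frees `buf` cannot be confirmed from the hunk and should be checked. The expression is also duplicated by hand in the malloc and the assert; computing it once into a local before the malloc and reusing that local in the check would stop the two copies from drifting apart again. The enclosing decode_font starts and ends outside the hunk.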
@@ -9,6 +9,8 @@ Source0: https://github.com/libass/libass/releases/download/%{version}/li
 BuildRequires: gcc nasm pkgconfig(fontconfig) >= 2.10.92 pkgconfig(freetype2) >= 9.10.3
 BuildRequires: pkgconfig(fribidi) >= 0.19.0 pkgconfig(harfbuzz) >= 0.9.5 pkgconfig(libpng) >= 1.2.0
+Patch0: CVE-2020-36430.patch
+
 %description
 libass is a portable subtitle renderer for the ASS/SSA (Advanced Substation Alpha/Substation Alpha) subtitle format. It is mostly compatible with VSFilter.
@@ -24,7 +26,7 @@ The package contains libraries and header files for developing of libass applica
 %package_help
 %prep
-%autosetup
+%autosetup -p1
 %build
 %configure
@@ -55,6 +57,9 @@ make check
 %doc Changelog
 %changelog
+* Thu Jul 29 2021 houyingchao - 0.15.0-2
+- Fix CVE-2020-36430
+
 * Fri Feb 5 2021 zhanghua - 0.15.0-1
 - update to 0.15.0 to fix CVE-2020-26682