diff --git a/CVE-2024-20697-2.patch b/CVE-2024-20697-2.patch
new file mode 100644
index 0000000..9a5c0e0
--- /dev/null
+++ b/CVE-2024-20697-2.patch
@@ -0,0 +1,74 @@
+From bf3940d944640a6cde7fcad0ba1461dd4a132c4f Mon Sep 17 00:00:00 2001
+From: terrynini38514
+Date: Wed, 10 Jul 2024 12:37:41 +0800
+Subject: [PATCH 1/3] Fix CVE-2024-26256
+
+---
+ libarchive/archive_read_support_format_rar.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index fb7cfde7b..98ec31f91 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -3428,6 +3428,12 @@ run_filters(struct archive_read *a)
+ return 0;
+ }
+
++ if ( filter->blocklength > VM_MEMORY_SIZE )
++ {
++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Bad RAR file data");
++ return 0LL;
++ }
++
+ ret = copy_from_lzss_window(a, filters->vm->memory, start, filter->blocklength);
+ if (ret != ARCHIVE_OK)
+ return 0;
+
+From e77203d934cbd90432c00d58f4789ec1d9c18337 Mon Sep 17 00:00:00 2001
+From: terrynini
+Date: Thu, 8 Aug 2024 11:44:45 +0800
+Subject: [PATCH 2/3] Update libarchive/archive_read_support_format_rar.c
+
+Co-authored-by: Timothy Lyanguzov
+---
+ libarchive/archive_read_support_format_rar.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index 98ec31f91..4f8760c5b 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -3431,7 +3431,7 @@ run_filters(struct archive_read *a)
+ if ( filter->blocklength > VM_MEMORY_SIZE )
+ {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Bad RAR file data");
+- return 0LL;
++ return 0;
+ }
+
+ ret = copy_from_lzss_window(a, filters->vm->memory, start, filter->blocklength);
+
+From 33c0bfc8b8d36bbc2ccfe6f76d1c0cbee06f8397 Mon Sep 17 00:00:00 2001
+From: terrynini
+Date: Thu, 8 Aug 2024 11:44:51 +0800
+Subject: [PATCH 3/3] Update libarchive/archive_read_support_format_rar.c
+
+Co-authored-by: Timothy Lyanguzov
+---
+ libarchive/archive_read_support_format_rar.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index 4f8760c5b..f4dcb7528 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -3428,7 +3428,7 @@ run_filters(struct archive_read *a)
+ return 0;
+ }
+
+- if ( filter->blocklength > VM_MEMORY_SIZE )
++ if (filter->blocklength > VM_MEMORY_SIZE)
+ {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Bad RAR file data");
+ return 0;
diff --git a/CVE-2024-48957.patch b/CVE-2024-48957.patch
new file mode 100644
index 0000000..39befe7
--- /dev/null
+++ b/CVE-2024-48957.patch
@@ -0,0 +1,29 @@
+From 3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b Mon Sep 17 00:00:00 2001
+From: Wei-Cheng Pan
+Date: Mon, 29 Apr 2024 06:53:19 +0900
+Subject: [PATCH] fix: OOB in rar audio filter (#2149)
+
+This patch ensures that `src` won't move ahead of `dst`, so `src` will
+not OOB. Similar situation like in a1cb648.
+---
+ libarchive/archive_read_support_format_rar.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index 619ee81e2..4fc6626ca 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -3722,6 +3722,13 @@ execute_filter_audio(struct rar_filter *filter, struct rar_virtual_machine *vm)
+ memset(&state, 0, sizeof(state));
+ for (j = i; j < length; j += numchannels)
+ {
++ /*
++ * The src block should not overlap with the dst block.
++ * If so it would be better to consider this archive is broken.
++ */
++ if (src >= dst)
++ return 0;
++
+ int8_t delta = (int8_t)*src++;
+ uint8_t predbyte, byte;
+ int prederror;
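Review bot: The guard added to run_filters in CVE-2024-20697-2.patch has no comment saying what it protects, and the bound only makes sense next to the destination buffer. The call on the following line copies `filter->blocklength` bytes into `filters->vm->memory`, so I would put `/* blocklength is presumably archive-controlled; reject it before it becomes the copy length into vm->memory */` above the `if`. The declarations of `vm->memory` and VM_MEMORY_SIZE are outside the hunk, so confirm that the buffer holds at least VM_MEMORY_SIZE bytes and that `start` is range-checked elsewhere. The embedded subject names CVE-2024-26256 while the file name uses CVE-2024-20697; only the .changes entry ties the two together.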
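Review bot: The new `if (src >= dst) return 0;` in execute_filter_audio rejects the block without recording why, and the same early return is added to execute_filter_delta in CVE-2024-48958.patch. Neither function receives the archive handle, so they cannot call archive_set_error themselves; the caller is outside both hunks, so confirm that it reports a format error when a filter returns 0, otherwise a malformed archive is rejected with no diagnostic. A short comment at the return, e.g. `/* 0 signals a failed filter to the caller */`, would make that contract explicit. Both checks also depend on `src` and `dst` pointing into the same buffer, which is set up before the visible lines.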
diff --git a/CVE-2024-48958.patch b/CVE-2024-48958.patch
new file mode 100644
index 0000000..c5928df
--- /dev/null
+++ b/CVE-2024-48958.patch
@@ -0,0 +1,29 @@
+From 17d9d73ee92eeb1a08b0a56659d010d8120af33a Mon Sep 17 00:00:00 2001
+From: Wei-Cheng Pan
+Date: Fri, 26 Apr 2024 13:58:34 +0900
+Subject: [PATCH] fix: OOB in rar delta filter
+
+---
+ libarchive/archive_read_support_format_rar.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index 79669a8f4..619ee81e2 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -3612,7 +3612,15 @@ execute_filter_delta(struct rar_filter *filter, struct rar_virtual_machine *vm)
+ {
+ uint8_t lastbyte = 0;
+ for (idx = i; idx < length; idx += numchannels)
++ {
++ /*
++ * The src block should not overlap with the dst block.
++ * If so it would be better to consider this archive is broken.
++ */
++ if (src >= dst)
++ return 0;
+ lastbyte = dst[idx] = lastbyte - *src++;
++ }
+ }
+
+ filter->filteredblockaddress = length;
diff --git a/libarchive.changes b/libarchive.changes
index f215abb..6774380 100644
--- a/libarchive.changes
+++ b/libarchive.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Oct 29 18:45:40 UTC 2024 - Antonio Teixeira
+
+- Fix CVE-2024-48958, out-of-bounds access in execute_filter_delta
+ (CVE-2024-48958, bsc#1231624)
+ * CVE-2024-48958.patch
+- Additional patch to fix CVE-2024-20697 (also attributed CVE-2024-26256)
+ (CVE-2024-20697, CVE-2024-26256, bsc#1225972)
+ * CVE-2024-20697-2.patch
+- Fix CVE-2024-48957, out-of-bounds access in execute_filter_audio
+ (CVE-2024-48957, bsc#1231544)
+ * CVE-2024-48957.patch
+
 -------------------------------------------------------------------
 Thu Jun 13 18:19:13 UTC 2024 - Antonio Teixeira
 
diff --git a/libarchive.spec b/libarchive.spec
index 2530976..0ffb66c 100644
--- a/libarchive.spec
+++ b/libarchive.spec
@@ -46,6 +46,11 @@ Patch2: fix-soversion.patch
 Patch3: CVE-2024-20696.patch
 # PATCH-FIX-UPSTREAM bsc#1225972 antonio.teixeira@suse.com CVE-2024-20697
 Patch4: CVE-2024-20697.patch
+Patch5: CVE-2024-20697-2.patch
+# PATCH-FIX-UPSTREAM bsc#1231544 antonio.teixeira@suse.com CVE-2024-48957
+Patch6: CVE-2024-48957.patch
+# PATCH-FIX-UPSTREAM bsc#1231624 antonio.teixeira@suse.com CVE-2024-48958
+Patch7: CVE-2024-48958.patch
 BuildRequires: cmake
 BuildRequires: libacl-devel
 BuildRequires: libbz2-devel
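Review bot: Patch5 is added without a tag line of its own, so it reads as covered by the `# PATCH-FIX-UPSTREAM bsc#1225972 … CVE-2024-20697` comment that precedes Patch4, while Patch6 and Patch7 each get one. The .changes entry says this patch is also tracked as CVE-2024-26256, which that comment does not mention. I would add `# PATCH-FIX-UPSTREAM bsc#1225972 antonio.teixeira@suse.com CVE-2024-20697 CVE-2024-26256` above `Patch5:` so both identifiers can be found from the spec. The %prep section is outside the hunk, so check that the three new patches are actually applied there.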