diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes
index 02de233..2a0a4ce 100644
--- a/ffmpeg-4.changes
+++ b/ffmpeg-4.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sun Sep 26 02:44:57 UTC 2021 - Alynx Zhou <alynx.zhou@suse.com>
+
+- Add ffmpeg-CVE-2020-22037.patch: Backport from upstream to fix
+  denial of service vulnerability exists due to a memory leak in
+  avcodec_alloc_context3 at options.c (bsc#1186756).
+
 -------------------------------------------------------------------
 Fri Aug 27 07:09:15 UTC 2021 - Alynx Zhou <alynx.zhou@suse.com>
 
diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec
index 212041c..b185e95 100644
--- a/ffmpeg-4.spec
+++ b/ffmpeg-4.spec
@@ -121,6 +121,7 @@ Patch9:         ffmpeg-4.4-CVE-2020-22046.patch
 Patch10:        ffmpeg-CVE-2021-33815.patch
 Patch11:        ffmpeg-CVE-2021-38114.patch
 Patch12:        ffmpeg-CVE-2021-38171.patch
+Patch13:        ffmpeg-CVE-2020-22037.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel
diff --git a/ffmpeg-CVE-2020-22037.patch b/ffmpeg-CVE-2020-22037.patch
new file mode 100644
index 0000000..05b27db
--- /dev/null
+++ b/ffmpeg-CVE-2020-22037.patch
@@ -0,0 +1,56 @@
+diff --unified --recursive --text --new-file --color ffmpeg-4.4.old/libavcodec/frame_thread_encoder.c ffmpeg-4.4.new/libavcodec/frame_thread_encoder.c
+--- ffmpeg-4.4.old/libavcodec/frame_thread_encoder.c	2021-04-09 05:28:39.000000000 +0800
++++ ffmpeg-4.4.new/libavcodec/frame_thread_encoder.c	2021-09-26 10:51:25.616140633 +0800
+@@ -124,7 +124,7 @@
+ int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options){
+     int i=0;
+     ThreadContext *c;
+-
++    AVCodecContext *thread_avctx = NULL;
+ 
+     if(   !(avctx->thread_type & FF_THREAD_FRAME)
+        || !(avctx->codec->capabilities & AV_CODEC_CAP_FRAME_THREADS))
+@@ -205,16 +205,17 @@
+         AVDictionary *tmp = NULL;
+         int ret;
+         void *tmpv;
+-        AVCodecContext *thread_avctx = avcodec_alloc_context3(avctx->codec);
++        thread_avctx = avcodec_alloc_context3(avctx->codec);
+         if(!thread_avctx)
+             goto fail;
+         tmpv = thread_avctx->priv_data;
+         *thread_avctx = *avctx;
++        thread_avctx->priv_data = tmpv;
++        thread_avctx->internal = NULL;
++        thread_avctx->hw_frames_ctx = NULL;
+         ret = av_opt_copy(thread_avctx, avctx);
+         if (ret < 0)
+             goto fail;
+-        thread_avctx->priv_data = tmpv;
+-        thread_avctx->internal = NULL;
+         if (avctx->codec->priv_class) {
+             int ret = av_opt_copy(thread_avctx->priv_data, avctx->priv_data);
+             if (ret < 0)
+@@ -243,6 +244,8 @@
+ 
+     return 0;
+ fail:
++    avcodec_close(thread_avctx);
++    av_freep(&thread_avctx);
+     avctx->thread_count = i;
+     av_log(avctx, AV_LOG_ERROR, "ff_frame_thread_encoder_init failed\n");
+     ff_frame_thread_encoder_free(avctx);
+diff --unified --recursive --text --new-file --color ffmpeg-4.4.old/libavcodec/frame_thread_encoder.h ffmpeg-4.4.new/libavcodec/frame_thread_encoder.h
+--- ffmpeg-4.4.old/libavcodec/frame_thread_encoder.h	2021-04-09 05:28:39.000000000 +0800
++++ ffmpeg-4.4.new/libavcodec/frame_thread_encoder.h	2021-09-26 10:52:37.122774657 +0800
+@@ -23,6 +23,10 @@
+ 
+ #include "avcodec.h"
+ 
++/**
++ * Initialize frame thread encoder.
++ * @note hardware encoders are not supported
++ */
+ int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options);
+ void ff_frame_thread_encoder_free(AVCodecContext *avctx);
+ int ff_thread_video_encode_frame(AVCodecContext *avctx, AVPacket *pkt,