diff --git a/ffmpeg-6.changes b/ffmpeg-6.changes
index 2e94c14..d5f8388 100644
--- a/ffmpeg-6.changes
+++ b/ffmpeg-6.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Thu Apr 23 14:05:28 UTC 2024 - Cliff Zhao
+
+- Add ffmpeg-CVE-2023-50008.patch:
+ Backporting 5f87a68c from upstream, Fix memory leaks.
+ (CVE-2023-50008 bsc#1223254)
+
+-------------------------------------------------------------------
+Thu Apr 23 12:22:53 UTC 2024 - Cliff Zhao
+
+- Add ffmpeg-CVE-2023-50007.patch:
+ Backporting b1942734 from upstream, Fix crash with EOF handling.
+ (CVE-2023-50007 bsc#1223253)
+
 -------------------------------------------------------------------
 Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt
diff --git a/ffmpeg-6.spec b/ffmpeg-6.spec
index 8b13fe6..7ab050d 100644
--- a/ffmpeg-6.spec
+++ b/ffmpeg-6.spec
@@ -120,7 +120,10 @@ Patch12: 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
 Patch13: 0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
 Patch90: ffmpeg-chromium.patch
 Patch91: ffmpeg-dlopen-openh264.patch
-
+# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50007.patch CVE-2023-50007 bsc#1223253 qzhao@suse.com -- Fix crash with EOF handling.
+Patch92: ffmpeg-CVE-2023-50007.patch
+# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50008.patch CVE-2023-50008 bsc#1223254 qzhao@suse.com -- Fix memory leaks.
+Patch93: ffmpeg-CVE-2023-50008.patch
 BuildRequires: ladspa-devel
 BuildRequires: libgsm-devel
 BuildRequires: libmp3lame-devel >= 3.98.3
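Review bot: Neither spec hunk shows `Patch92`/`Patch93` being applied: the commit only extends the two Patch lists, here and at `@@ -841,6 +844,10 @@`, and %prep lies outside both hunks. If %prep applies patches automatically (for example `%autosetup -p1`), this is enough; if it lists `%patch` lines one by one, both CVE fixes would ship as sources without ever being applied, so the build log should be checked for the two patch names. This hunk also drops the empty line that separated the Patch list from `BuildRequires: ladspa-devel`; an empty line after the `Patch93:` line would keep the two blocks apart as before.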
@@ -841,6 +844,10 @@ Patch12: 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
 Patch13: 0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
 Patch90: ffmpeg-chromium.patch
 Patch91: ffmpeg-dlopen-openh264.patch
+# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50007.patch CVE-2023-50007 bsc#1223253 qzhao@suse.com -- Fix crash with EOF handling.
+Patch92: ffmpeg-CVE-2023-50007.patch
+# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50008.patch CVE-2023-50008 bsc#1223254 qzhao@suse.com -- Fix memory leaks.
+Patch93: ffmpeg-CVE-2023-50008.patch
 BuildRequires: c_compiler
 Requires: this-is-only-for-build-envs
diff --git a/ffmpeg-CVE-2023-50007.patch b/ffmpeg-CVE-2023-50007.patch
new file mode 100644
index 0000000..f970722
--- /dev/null
+++ b/ffmpeg-CVE-2023-50007.patch
@@ -0,0 +1,67 @@
+commit b1942734c7cbcdc9034034373abcc9ecb9644c47
+Author: Paul B Mahol
+Date: Mon Nov 27 11:45:34 2023 +0100
+
+ avfilter/af_afwtdn: fix crash with EOF handling
+
+diff -Nura ffmpeg-6.1.1/libavfilter/af_afwtdn.c ffmpeg-6.1.1_new/libavfilter/af_afwtdn.c
+--- ffmpeg-6.1.1/libavfilter/af_afwtdn.c 2023-11-11 08:25:17.000000000 +0800
++++ ffmpeg-6.1.1_new/libavfilter/af_afwtdn.c 2024-04-25 14:15:23.737350315 +0800
+@@ -408,6 +408,7 @@
+
+ uint64_t sn;
+ int64_t eof_pts;
++ int eof;
+
+ int wavelet_type;
+ int channels;
+@@ -1069,7 +1070,7 @@
+ s->drop_samples = 0;
+ } else {
+ if (s->padd_samples < 0 && eof) {
+- out->nb_samples += s->padd_samples;
++ out->nb_samples = FFMAX(0, out->nb_samples + s->padd_samples);
+ s->padd_samples = 0;
+ }
+ if (!eof)
+@@ -1208,23 +1209,26 @@
+
+ FF_FILTER_FORWARD_STATUS_BACK(outlink, inlink);
+
+- ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
+- if (ret < 0)
+- return ret;
+- if (ret > 0)
+- return filter_frame(inlink, in);
++ if (!s->eof) {
++ ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
++ if (ret < 0)
++ return ret;
++ if (ret > 0)
++ return filter_frame(inlink, in);
++ }
+
+ if (ff_inlink_acknowledge_status(inlink, &status, &pts)) {
+- if (status == AVERROR_EOF) {
+- while (s->padd_samples != 0) {
+- ret = filter_frame(inlink, NULL);
+- if (ret < 0)
+- return ret;
+- }
+- ff_outlink_set_status(outlink, status, pts);
+- return ret;
+- }
++ if (status == AVERROR_EOF)
++ s->eof = 1;
+ }
++
++ if (s->eof && s->padd_samples != 0) {
++ return filter_frame(inlink, NULL);
++ } else if (s->eof) {
++ ff_outlink_set_status(outlink, AVERROR_EOF, s->eof_pts);
++ return 0;
++ }
++
+ FF_FILTER_FORWARD_WANTED(outlink, inlink);
+
+ return FFERROR_NOT_READY;
diff --git a/ffmpeg-CVE-2023-50008.patch b/ffmpeg-CVE-2023-50008.patch
new file mode 100644
index 0000000..0502a62
--- /dev/null
+++ b/ffmpeg-CVE-2023-50008.patch
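Review bot: In the inner `@@ -1069,7 +1070,7 @@` hunk the clamp `FFMAX(0, out->nb_samples + s->padd_samples)` stops `nb_samples` from going negative at EOF, but it can now be exactly 0, and nothing visible here keeps such an empty frame from being passed on; the rest of filter_frame() is outside the hunk, so this may already be handled there. I would record the invariant next to the clamp, e.g. `/* padd_samples < 0 here: clamp so nb_samples cannot go negative at EOF */`, and run a short input through the `afwtdn` filter under ASan before release. In the inner `@@ -1208,23 +1209,26 @@` hunk the final status now carries `s->eof_pts` instead of the `pts` returned by ff_inlink_acknowledge_status(); where `eof_pts` is assigned is not visible in this patch, so it is worth confirming it holds a meaningful value when EOF arrives before any frame was consumed.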
@@ -0,0 +1,18 @@
+commit 5f87a68cf70dafeab2fb89b42e41a4c29053b89b
+Author: Paul B Mahol
+Date: Mon Nov 27 12:08:20 2023 +0100
+
+ avfilter/vf_colorcorrect: fix memory leaks
+
+diff -Nura ffmpeg-6.1.1/libavfilter/vf_colorcorrect.c ffmpeg-6.1.1_new/libavfilter/vf_colorcorrect.c
+--- ffmpeg-6.1.1/libavfilter/vf_colorcorrect.c 2023-11-11 08:25:17.000000000 +0800
++++ ffmpeg-6.1.1_new/libavfilter/vf_colorcorrect.c 2024-04-25 14:35:29.717468737 +0800
+@@ -497,6 +497,8 @@
+ ColorCorrectContext *s = ctx->priv;
+
+ av_freep(&s->analyzeret);
++ av_freep(&s->uhistogram);
++ av_freep(&s->vhistogram);
+ }
+
+ static const AVFilterPad colorcorrect_inputs[] = {