diff --git a/libraw-CVE-2020-22628.patch b/libraw-CVE-2020-22628.patch
new file mode 100644
index 0000000..0a9f5b9
--- /dev/null
+++ b/libraw-CVE-2020-22628.patch
@@ -0,0 +1,13 @@
+Index: LibRaw-0.21.1/src/metadata/identify.cpp
+===================================================================
+--- LibRaw-0.21.1.orig/src/metadata/identify.cpp
++++ LibRaw-0.21.1/src/metadata/identify.cpp
+@@ -1243,7 +1243,7 @@ dng_skip:
+
+ if (raw_width < 22 || raw_width > 64000 || raw_height < 22 ||
+ pixel_aspect < 0.1 || pixel_aspect > 10. ||
+- raw_height > 64000)
++ raw_height > 64000 || pixel_aspect < 0.1 || pixel_aspect > 10)
+ is_raw = 0;
+ if(raw_width <= left_margin || raw_height <= top_margin)
+ is_raw = 0;
diff --git a/libraw.changes b/libraw.changes
index 46a97c2..e95cd35 100644
--- a/libraw.changes
+++ b/libraw.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Sep 14 14:57:19 UTC 2023 - pgajdos@suse.com
+
+- security update
+- added patches
+ fix CVE-2020-22628 [bsc#1215308], stretch() function in librawsrcpostprocessingspect_ratio.cpp
+ + libraw-CVE-2020-22628.patch
+
 -------------------------------------------------------------------
 Tue May 2 13:49:55 UTC 2023 - pgajdos@suse.com
 
diff --git a/libraw.spec b/libraw.spec
index a074259..f347bb1 100644
--- a/libraw.spec
+++ b/libraw.spec
@@ -34,6 +34,8 @@ Source0: https://www.libraw.org/data/%tar_name-%version.tar.gz
 Source1: baselibs.conf
 # CVE-2023-1729 [bsc#1210720], a heap-buffer-overflow in raw2image_ex()
 Patch0: libraw-CVE-2023-1729.patch
+# CVE-2020-22628 [bsc#1215308], stretch() function in librawsrcpostprocessingspect_ratio.cpp
+Patch1: libraw-CVE-2020-22628.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: fdupes
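Review bot: The condition added in the embedded identify.cpp hunk (`@@ -1243,7 +1243,7 @@`) is redundant, because the unchanged context line directly above it already tests `pixel_aspect < 0.1 || pixel_aspect > 10. ||` inside the same `if`. The patched expression therefore rejects exactly the same inputs as the unpatched one, and `is_raw = 0` is reached under identical conditions. This suggests LibRaw-0.21.1 already carries the bounds check, so the patch changes nothing for CVE-2020-22628. Please compare against the upstream fix: either drop the patch and record the CVE as already addressed by the 0.21.1 sources, or patch whatever is still missing. The enclosing function starts and ends outside the hunk.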
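Review bot: The file path in the new comment above `Patch1:` in libraw.spec is garbled: `librawsrcpostprocessingspect_ratio.cpp` has lost its separators, and presumably an `a` as well. I would write it as `# CVE-2020-22628 [bsc#1215308], stretch() in src/postprocessing/aspect_ratio.cpp (check added in src/metadata/identify.cpp)`, so a reader can see why the patch touches a different file from the one named in the CVE. The libraw.changes entry carries the same garbled string and should be corrected with it. The `%prep` section is outside this hunk, so it is not visible whether `Patch1` is actually applied during the build; please confirm that.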