diff --git a/CVE-2023-32573-qtsvg-6.5.diff b/CVE-2023-32573-qtsvg-6.5.diff
new file mode 100644
index 0000000..d8fc36f
--- /dev/null
+++ b/CVE-2023-32573-qtsvg-6.5.diff
@@ -0,0 +1,58 @@
+From ff22c3ccf8ccf813fdcfda23f7740ba73ba5ce0a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Robert=20L=C3=B6hning?=
+Date: Mon, 24 Apr 2023 15:27:17 +0200
+Subject: [PATCH] QSvgFont: Initialize used member, remove unused
+
+Credit to OSS-Fuzz
+
+[ChangeLog][QtSvg] Fixed undefined behavior from using uninitialized
+variable.
+
+Pick-to: 6.5 6.2 5.15
+Coverity-Id: 22618
+Change-Id: Id52277bb0e2845f4d342e187dbb8093e9276b70c
+Reviewed-by: Eskil Abrahamsen Blomfeldt
+---
+ src/svg/qsvgfont_p.h | 5 ++---
+ src/svg/qsvghandler.cpp | 2 +-
+ 2 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/svg/qsvgfont_p.h b/src/svg/qsvgfont_p.h
+index a7cc98b..9cf3dfe 100644
+--- a/src/svg/qsvgfont_p.h
++++ b/src/svg/qsvgfont_p.h
+@@ -38,6 +38,7 @@ public:
+ class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted
+ {
+ public:
++ static constexpr qreal DEFAULT_UNITS_PER_EM = 1000;
+ QSvgFont(qreal horizAdvX);
+
+ void setFamilyName(const QString &name);
+@@ -50,9 +51,7 @@ public:
+ void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const;
+ public:
+ QString m_familyName;
+- qreal m_unitsPerEm;
+- qreal m_ascent;
+- qreal m_descent;
++ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
+ qreal m_horizAdvX;
+ QHash m_glyphs;
+ };
+diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
+index 29ca733..a891848 100644
+--- a/src/svg/qsvghandler.cpp
++++ b/src/svg/qsvghandler.cpp
+@@ -2622,7 +2622,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent,
+
+ qreal unitsPerEm = toDouble(unitsPerEmStr);
+ if (!unitsPerEm)
+- unitsPerEm = 1000;
++ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
+
+ if (!name.isEmpty())
+ font->setFamilyName(name);
+--
+2.40.1
+
diff --git a/qt6-svg.changes b/qt6-svg.changes
index 580eca6..4d5cb90 100644
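Review bot: In the embedded qsvghandler.cpp hunk, `if (!unitsPerEm)` substitutes the default only for an exact zero, so a negative or non-finite `units-per-em` parsed from the SVG would still be stored in the font. The patch guarantees that `m_unitsPerEm` is initialized, but not that it is a usable scale; where the member is consumed is outside this hunk, presumably as a divisor when glyphs are drawn. A stricter guard would be `if (!qIsFinite(unitsPerEm) || unitsPerEm <= 0)` before falling back to `QSvgFont::DEFAULT_UNITS_PER_EM`, ideally proposed upstream rather than carried as a local delta. parseFontFaceNode starts and ends outside the hunk, and whether `toDouble` can return NaN or infinity is not visible here.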
--- a/qt6-svg.changes
+++ b/qt6-svg.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu May 11 08:39:38 UTC 2023 - Christophe Marin
+
+- Add upstream change (boo#1211298, CVE-2023-32573):
+ * CVE-2023-32573-qtsvg-6.5.diff
+
 -------------------------------------------------------------------
 Mon Apr 3 10:02:45 UTC 2023 - Christophe Marin

diff --git a/qt6-svg.spec b/qt6-svg.spec
index c38f25e..379a79a 100644
--- a/qt6-svg.spec
+++ b/qt6-svg.spec
@@ -34,6 +34,8 @@ License: LGPL-3.0-only OR (GPL-2.0-only OR GPL-3.0-or-later)
 URL: https://www.qt.io
 Source: https://download.qt.io/official_releases/qt/%{short_version}/%{real_version}%{tar_suffix}/submodules/%{tar_name}-%{real_version}%{tar_suffix}.tar.xz
 Source99: qt6-svg-rpmlintrc
+# PATCH-FIX-UPSTREAM
+Patch0: CVE-2023-32573-qtsvg-6.5.diff
 BuildRequires: pkgconfig
 BuildRequires: qt6-core-private-devel
 BuildRequires: qt6-gui-private-devel
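Review bot: The `# PATCH-FIX-UPSTREAM` comment above `Patch0:` carries no patch name, bug reference or description, so the spec itself does not say which issue the patch closes. Following the openSUSE patch-tag convention it could read `# PATCH-FIX-UPSTREAM CVE-2023-32573-qtsvg-6.5.diff boo#1211298 CVE-2023-32573 -- QSvgFont: initialize used member`. The %prep section is outside this hunk; it is worth confirming that it applies patches (for example through `%autosetup -p1`), since a declared but unapplied patch would ship the package without the fix.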