diff --git a/wavpack-CVE-2021-44269.patch b/wavpack-CVE-2021-44269.patch
new file mode 100644
index 0000000..244ae26
--- /dev/null
+++ b/wavpack-CVE-2021-44269.patch
@@ -0,0 +1,30 @@
+diff --git a/cli/dsdiff.c b/cli/dsdiff.c
+index d7adb6a..5bdcae3 100644
+--- a/cli/dsdiff.c
++++ b/cli/dsdiff.c
+@@ -278,6 +278,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+             }
+ 
+             total_samples = dff_chunk_header.ckDataSize / config->num_channels;
++
++            if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
++                error_line ("%s is not a valid .DFF file!", infilename);
++                return WAVPACK_SOFT_ERROR;
++            }
++
+             break;
+         }
+         else {          // just copy unknown chunks to output file
+diff --git a/cli/dsf.c b/cli/dsf.c
+index e1d7973..dddd488 100644
+--- a/cli/dsf.c
++++ b/cli/dsf.c
+@@ -113,6 +113,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
+ 
+     if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
+         format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
++        format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
+         (format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
+         format_chunk.numChannels < 1 || format_chunk.numChannels > 6 ||
+         format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {
+
diff --git a/wavpack.changes b/wavpack.changes
index 52f342e..dad157c 100644
--- a/wavpack.changes
+++ b/wavpack.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Mar 16 09:03:47 UTC 2022 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2021-44269 [bsc#1197020], out of bounds read in processing .wav file
+  + wavpack-CVE-2021-44269.patch
+
 -------------------------------------------------------------------
 Mon Jan 18 12:40:18 UTC 2021 - Alexandros Toptsoglou <atoptsoglou@suse.com>
 
diff --git a/wavpack.spec b/wavpack.spec
index e3f3c98..d3e1ada 100644
--- a/wavpack.spec
+++ b/wavpack.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package wavpack
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,6 +26,8 @@ Group:          Productivity/Multimedia/Sound/Editors and Convertors
 URL:            http://www.wavpack.com/
 Source0:        http://www.wavpack.com/%{name}-%{version}.tar.bz2
 Source99:       baselibs.conf
+# CVE-2021-44269 [bsc#1197020], out of bounds read in processing .wav file
+Patch0:         wavpack-CVE-2021-44269.patch
 BuildRequires:  pkgconfig
 
 %description
@@ -68,6 +70,7 @@ applications that want to make use of wavpack.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %configure --disable-static