diff --git a/harfbuzz-CVE-2023-25193.patch b/harfbuzz-CVE-2023-25193.patch
new file mode 100644
index 0000000..735b326
--- /dev/null
+++ b/harfbuzz-CVE-2023-25193.patch
@@ -0,0 +1,31 @@
+From 85be877925ddbf34f74a1229f3ca1716bb6170dc Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Wed, 1 Feb 2023 20:00:43 -0700
+Subject: [PATCH] [layout] Limit how far we skip when looking back
+
+See comments.
+---
+ src/hb-ot-layout-gsubgpos.hh | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
+index bf74672a1..8ca691805 100644
+--- a/src/hb-ot-layout-gsubgpos.hh
++++ b/src/hb-ot-layout-gsubgpos.hh
+@@ -578,6 +578,13 @@ struct hb_ot_apply_context_t :
+       unsigned stop = num_items - 1;
+       if (c->buffer->flags & HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT)
+         stop = 1 - 1;
++
++      /* When looking back, limit how far we search; this function is mostly
++       * used for looking back for base glyphs when attaching marks. If we
++       * don't limit, we can get O(n^2) behavior where n is the number of
++       * consecutive marks. */
++      stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);
++
+       while (idx > stop)
+       {
+ 	idx--;
+-- 
+2.39.0
+
diff --git a/harfbuzz.changes b/harfbuzz.changes
index b1f9237..98a4494 100644
--- a/harfbuzz.changes
+++ b/harfbuzz.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Feb  6 17:11:49 UTC 2023 - Michael Gorse <mgorse@suse.com>
+
+- Add harfbuzz-CVE-2023-25193.patch: limit how far we skip when
+  looking back (boo#1207922 CVE-2023-25193).
+
 -------------------------------------------------------------------
 Sat Dec 17 09:26:17 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
 
diff --git a/harfbuzz.spec b/harfbuzz.spec
index f4101a5..8e33d15 100644
--- a/harfbuzz.spec
+++ b/harfbuzz.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package harfbuzz
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,6 +24,8 @@ License:        MIT
 URL:            https://www.freedesktop.org/wiki/Software/HarfBuzz
 Source0:        https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/%{name}-%{version}.tar.xz
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM harfbuzz-CVE-2023-25193.patch boo#1207922 mgorse@suse.com -- limit how far we skip when looking back.
+Patch0:         harfbuzz-CVE-2023-25193.patch
 BuildRequires:  c++_compiler
 BuildRequires:  c_compiler
 BuildRequires:  meson