diff --git a/CVE-2022-38533.patch b/CVE-2022-38533.patch
new file mode 100644
index 0000000..8262b4e
--- /dev/null
+++ b/CVE-2022-38533.patch
@@ -0,0 +1,19 @@
+diff -rupN --no-dereference binutils-2.39/bfd/coffcode.h binutils-2.39-new/bfd/coffcode.h
+--- binutils-2.39/bfd/coffcode.h	2022-07-08 11:46:47.000000000 +0200
++++ binutils-2.39-new/bfd/coffcode.h	2022-10-30 12:41:41.408023817 +0100
+@@ -4284,10 +4284,13 @@ coff_set_section_contents (bfd * abfd,
+ 
+ 	rec = (bfd_byte *) location;
+ 	recend = rec + count;
+-	while (rec < recend)
++	while (recend - rec >= 4)
+ 	  {
++	    size_t len = bfd_get_32 (abfd, rec);
++	    if (len == 0 || len > (size_t) (recend - rec) / 4)
++	      break;
++	    rec += len * 4;
+ 	    ++section->lma;
+-	    rec += bfd_get_32 (abfd, rec) * 4;
+ 	  }
+ 
+ 	BFD_ASSERT (rec == recend);
diff --git a/mingw-binutils.spec b/mingw-binutils.spec
index b923e76..f71ed9b 100644
--- a/mingw-binutils.spec
+++ b/mingw-binutils.spec
@@ -3,7 +3,7 @@
 
 Name:           mingw-binutils
 Version:        2.39
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Cross-compiled version of binutils for Win32 and Win64 environments
 
 License:        GPLv2+ and LGPLv2+ and GPLv3+ and LGPLv3+
@@ -129,6 +129,9 @@ Patch19: binutils-package-metadata.patch
 # Lifetime: Fixed in 2.40
 Patch20: binutils-gas-dwarf-skip-empty-functions.patch
 
+# Backport patch for CVE-2022-38533
+Patch21: CVE-2022-38533.patch
+
 
 BuildRequires:  make
 BuildRequires:  gcc
@@ -461,6 +464,9 @@ rm -rf %{buildroot}%{_mandir}/man1/*
 
 
 %changelog
+* Sun Oct 30 2022 Sandro Mani <manisandro@gmail.com> - 2.39-2
+- Backport patch for CVE-2022-38533
+
 * Tue Aug 16 2022 Sandro Mani <manisandro@gmail.com> - 2.39-1
 - Update to 2.39