diff --git a/openjpeg2-2.5.2-pr1753.diff b/openjpeg2-2.5.2-pr1753.diff
new file mode 100644
index 0000000..16b9f3b
--- /dev/null
+++ b/openjpeg2-2.5.2-pr1753.diff
@@ -0,0 +1,13 @@
+diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c
+index 4df055a54..da5063186 100644
+--- a/src/lib/openjp2/jp2.c
++++ b/src/lib/openjp2/jp2.c
+@@ -2873,7 +2873,7 @@ OPJ_BOOL opj_jp2_read_header(opj_stream_private_t *p_stream,
+ p_image,
+ p_manager);
+
+- if (p_image && *p_image) {
++ if (ret && p_image && *p_image) {
+ /* Set Image Color Space */
+ if (jp2->enumcs == 16) {
+ (*p_image)->color_space = OPJ_CLRSPC_SRGB;
diff --git a/openjpeg2.spec b/openjpeg2.spec
index 865f8a2..61d9b7d 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -14,7 +14,7 @@
 Name: openjpeg2
 Version: 2.5.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: C-Library for JPEG 2000
 # windirent.h is MIT, the rest is BSD
@@ -30,7 +30,8 @@ Source1: data.tar.xz
 Patch0: openjpeg2_opj2.patch
 Patch1: openjpeg2-2.5.2-cve-2024-56826.patch
 Patch2: openjpeg2-2.5.2-cve-2024-56827.patch
-
+# from upstream, for <= 2.5.3, RHEL-107568, CVE-2025-54784
+Patch3: openjpeg2-2.5.2-pr1753.diff
 BuildRequires: cmake
 BuildRequires: doxygen
@@ -443,6 +444,9 @@ rm -rf %{buildroot}%{mingw64_datadir}/doc
 %changelog
+* Mon Aug 11 2025 Michal Hlavinka - 2.5.2-5
+- fix CVE-2025-54874: OOB heap memory write (RHEL-107568)
+
 * Thu Jan 23 2025 Michal Hlavinka - 2.5.2-4
 - fix two heap buffer overflows CVE-2024-56826 and CVE-2024-52827 (RHEL-72518,RHEL-72520)
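Review bot: The embedded patch starts directly at its own `diff --git` line with no header, so the file itself records neither the upstream commit it was taken from nor the issue it fixes; the only provenance is `pr1753` in the file name and the comment in the spec. A few lines of plain text ahead of the inner `diff --git` line (patch ignores them), such as `Upstream: <upstream PR/commit URL>` and `Fixes: <CVE id>, RHEL-107568`, would make the backport auditable on its own. On the code, the added `ret &&` guard keeps the writes under `/* Set Image Color Space */` from going through `*p_image` when the preceding call reports failure. The assignment to `ret` and the rest of opj_jp2_read_header lie outside the hunk, so this assumes `ret` holds that call's result and is what the function returns.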
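Review bot: The CVE identifier is spelled two ways in this change: the comment above `Patch3` says `CVE-2025-54784`, while the new `%changelog` entry in the last hunk says `CVE-2025-54874`. One of them has transposed digits, and tooling that matches spec or changelog text against advisories will miss or misattribute the fix; take the id recorded in RHEL-107568 and use it in both places. The untouched entry below shows the same kind of slip (`CVE-2024-52827` next to a patch named `openjpeg2-2.5.2-cve-2024-56827.patch`). Separately, no hunk touches `%prep`, so the new patch is applied only if the spec uses `%autosetup` or `%autopatch`; if `%prep` lists `%patch` lines individually, a matching line for patch 3 is needed or the fix ships declared but unapplied.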