diff --git a/1004-bugfix-for-CVE-2025-27795.patch b/1004-bugfix-for-CVE-2025-27795.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a9f4fa3b5eb3df92d878cb28ff02a678184beeca
--- /dev/null
+++ b/1004-bugfix-for-CVE-2025-27795.patch
@@ -0,0 +1,38 @@
+From: Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+Date: Mon, 9 Sep 2024 08:01:43 -0500
+Subject: ReadJXLImage(): Apply image dimension resource limits. Addresses
+ oss-fuzz Issue 69728
+
+Backported to Debian by Carlos Henrique Lima Melara <charles@debian.org>
+
+Changes:
+ - Drop changes to changelog and version files.
+Origin: upstream, https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42
+Bug-Debian: https://bugs.debian.org/1099955
+Last-Update: 2025-03-31
+---
+ coders/jxl.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/coders/jxl.c b/coders/jxl.c
+index b8a85fd..8a370fe 100644
+--- a/coders/jxl.c
++++ b/coders/jxl.c
+@@ -531,6 +531,7 @@ static Image *ReadJXLImage(const ImageInfo *image_info,
+                                       basic_info.alpha_bits, basic_info.num_color_channels,
+                                       basic_info.have_animation == JXL_FALSE ? "False" : "True");
+               }
++
+             if (basic_info.num_extra_channels)
+               {
+                 size_t index;
+@@ -579,6 +580,9 @@ static Image *ReadJXLImage(const ImageInfo *image_info,
+ 
+             image->orientation=convert_orientation(basic_info.orientation);
+ 
++            if (CheckImagePixelLimits(image, exception) != MagickPass)
++              ThrowJXLReaderException(ResourceLimitError,ImagePixelLimitExceeded,image);
++
+             pixel_format.endianness=JXL_NATIVE_ENDIAN;
+             pixel_format.align=0;
+             if (basic_info.num_color_channels == 1)
diff --git a/GraphicsMagick.spec b/GraphicsMagick.spec
index 4a9922878ea45d650614776501549a56d30b35de..6a3fd10383506e1f3dd5bfa2ddd05eedae49b090 100644
--- a/GraphicsMagick.spec
+++ b/GraphicsMagick.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 %global _with_quantum_depth --with-quantum-depth=16
 %global _enable_quantum_library_names --enable-quantum-library-names
 %global libQ -Q16
@@ -22,6 +22,9 @@ License: MIT
 Source0: http://downloads.sourceforge.net/sourceforge/graphicsmagick/GraphicsMagick-%{version}.tar.xz
 Url: http://www.graphicsmagick.org/
 
+# loongarch CICD always fail
+excludearch: loongarch64
+
 ## upstreamable patches
 Patch50: GraphicsMagick-1.3.31-perl_linkage.patch
 
@@ -29,6 +32,7 @@ Patch50: GraphicsMagick-1.3.31-perl_linkage.patch
 Patch1001: 1001-Test-for-interesting-libjpeg-turbo-3.0-functions.patch
 Patch1002: 1002-JPEG-Ignore-C_LOSSLESS_SUPPORTED-D_LOSSLESS_SUPPORTED-defined-by-JPEG-Turbo.patch
 Patch1003: 1003-ReadJPEGImage-Use-MagickAllocateResourceLimitedClearedArray.patch
+Patch1004: 1004-bugfix-for-CVE-2025-27795.patch
 
 BuildRequires: bzip2-devel
 BuildRequires: freetype-devel
@@ -154,6 +158,7 @@ done
 %if "%{_libdir}" != "/usr/lib"
 sed -i.rpath -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure
 %endif
+%patch1004 -p1
 
 
 %build
@@ -276,5 +281,8 @@ time \
 
 
 %changelog
+* Fri Jul 04 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 1.3.40-2
+- Fix CVE-2025-27795
+
 * Thu Apr 11 2024 Chunmei Xu <xuchunmei@linux.alibaba.com> - 1.3.40-1
 - init from upstream