diff --git a/CVE-2022-37290.patch b/CVE-2022-37290.patch
new file mode 100644
index 0000000..5a975b1
--- /dev/null
+++ b/CVE-2022-37290.patch
@@ -0,0 +1,54 @@
+From 78e757fe7650033d09def2e2e1540ea7c5651aab Mon Sep 17 00:00:00 2001
+From: technology208 <technology@208suo.com>
+Date: Mon, 20 May 2024 13:54:01 +0800
+Subject: [PATCH] CreatePatch
+
+---
+ src/nautilus-dbus-manager.c    | 6 ++++++
+ src/nautilus-file-operations.c | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/src/nautilus-dbus-manager.c b/src/nautilus-dbus-manager.c
+index 43f27e1..82be3b6 100644
+--- a/src/nautilus-dbus-manager.c
++++ b/src/nautilus-dbus-manager.c
+@@ -126,6 +126,12 @@ handle_create_folder (NautilusDBusFileOperations *object,
+     file = g_file_new_for_uri (uri);
+     basename = g_file_get_basename (file);
+     parent_file = g_file_get_parent (file);
++    if (parent_file == NULL || basename == NULL)
++    {
++        g_dbus_method_invocation_return_error (invocation, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, "Invalid uri: %s", uri);
++        return TRUE;
++    }
++
+     parent_file_uri = g_file_get_uri (parent_file);
+ 
+     g_application_hold (g_application_get_default ());
+diff --git a/src/nautilus-file-operations.c b/src/nautilus-file-operations.c
+index 7579cd0..ea4edb2 100644
+--- a/src/nautilus-file-operations.c
++++ b/src/nautilus-file-operations.c
+@@ -985,6 +985,11 @@ get_basename (GFile *file)
+     if (name == NULL)
+     {
+         basename = g_file_get_basename (file);
++        if (basename == NULL)
++        {
++            return g_strdup (_("unknown"));
++        }
++
+         if (g_utf8_validate (basename, -1, NULL))
+         {
+             name = basename;
+@@ -4170,6 +4175,7 @@ get_unique_target_file (GFile      *src,
+     if (dest == NULL)
+     {
+         basename = g_file_get_basename (src);
++        g_assert (basename == NULL);
+ 
+         if (g_utf8_validate (basename, -1, NULL))
+         {
+-- 
+2.33.0
+
diff --git a/nautilus.spec b/nautilus.spec
index 876f47b..2595263 100644
--- a/nautilus.spec
+++ b/nautilus.spec
@@ -1,6 +1,6 @@
 Name:             nautilus
 Version:          3.33.90
-Release:          9
+Release:          10
 Summary:          Default file manager for GNOME
 License:          GPLv3+ and LGPLv2+
 URL:              https://wiki.gnome.org/Apps/Nautilus
@@ -21,6 +21,7 @@ Patch03:         nautius-3.33.90-display-tooltip-content.patch
 Patch04:         nautius-3.33.90-translate-general-and-show-sidebar.patch
 Patch05:         nautius-3.33.90-Add-right-click-sort-function.patch
 Patch06:         nautius-3.33.90-Add-the-ability-to-create-document.patch
+Patch07:         CVE-2022-37290.patch
 
 %description
 It's easier to manage your files for the GNOME desktop. Ability to browse directories on local and remote systems.
@@ -86,6 +87,9 @@ make test
 %{_datadir}/metainfo/*
 
 %changelog
+* Tue May 21 2024 liweigang <liweiganga@uniontech.com> - 3.33.90-10
+- Fix crash when copying an invalid file
+
 * Thu Dec 15 2022 Guangzhong Yao <yaoguangzhong@xfusion.com> - 3.33.90-9
 - Type:bugfix
 - Id:NA