diff --git a/0001-fix-CVE-2024-37535.patch b/0001-fix-CVE-2024-37535.patch
new file mode 100644
index 0000000..b45962f
--- /dev/null
+++ b/0001-fix-CVE-2024-37535.patch
@@ -0,0 +1,118 @@
+From d590efa43eb4cd57ac9cbdea93de170361db38e6 Mon Sep 17 00:00:00 2001
+From: happyworker <208suo@208suo.com>
+Date: Fri, 5 Jul 2024 16:32:42 +0800
+Subject: [PATCH] CreatePatch
+
+---
+ src/vtegtk.cc | 39 +++++++++++++++++++++++++++++++++++++++
+ src/vteseq.cc | 16 ++++++++++------
+ 2 files changed, 49 insertions(+), 6 deletions(-)
+
+diff --git a/src/vtegtk.cc b/src/vtegtk.cc
+index d4fe1b7..49f20e0 100644
+--- a/src/vtegtk.cc
++++ b/src/vtegtk.cc
+@@ -66,6 +66,43 @@
+ 
+ #define VTE_TERMINAL_CSS_NAME "vte-terminal"
+ 
++static inline void
++sanitise_widget_size_request(int* minimum,
++                             int* natural) noexcept
++{
++        // Overly large size requests will make gtk happily allocate
++        // a window size over the window system's limits (see
++        // e.g. https://gitlab.gnome.org/GNOME/vte/-/issues/2786),
++        // leading to aborting the whole process.
++        // The toolkit should be in a better position to know about
++        // these limits and not exceed them (which here is certainly
++        // possible since our minimum sizes are very small), let's
++        // limit the widget's size request to some large value
++        // that hopefully is within the absolute limits of
++        // the window system (assumed here to be int16 range,
++        // and leaving some space for the widgets that contain
++        // the terminal).
++        auto const limit = (1 << 15) - (1 << 12);
++
++        if (*minimum > limit || *natural > limit) {
++                static auto warned = false;
++
++                if (!warned) {
++                        g_warning("Widget size request (minimum %d, natural %d) exceeds limits\n",
++                                  *minimum, *natural);
++                        warned = true;
++                }
++        }
++
++        *minimum = std::min(*minimum, limit);
++        //*natural = std::clamp(*natural, *minimum, limit);
++        if (*natural < *minimum) {
++            *natural  = *minimum;
++        } else if (*natural > limit) {
++            *natural = limit;
++        } 
++}
++
+ struct _VteTerminalClassPrivate {
+         GtkStyleProvider *style_provider;
+ };
+@@ -289,6 +326,7 @@ vte_terminal_get_preferred_width(GtkWidget *widget,
+ {
+ 	VteTerminal *terminal = VTE_TERMINAL(widget);
+         WIDGET(terminal)->get_preferred_width(minimum_width, natural_width);
++        sanitise_widget_size_request(minimum_width, natural_width);
+ }
+ 
+ static void
+@@ -298,6 +336,7 @@ vte_terminal_get_preferred_height(GtkWidget *widget,
+ {
+ 	VteTerminal *terminal = VTE_TERMINAL(widget);
+         WIDGET(terminal)->get_preferred_height(minimum_height, natural_height);
++        sanitise_widget_size_request(minimum_height, natural_height);
+ }
+ 
+ static void
+diff --git a/src/vteseq.cc b/src/vteseq.cc
+index 51b3a2c..2f2b791 100644
+--- a/src/vteseq.cc
++++ b/src/vteseq.cc
+@@ -236,7 +236,16 @@ void
+ Terminal::emit_move_window(guint x,
+                                      guint y)
+ {
+-        _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `move-window'.\n");
++        // Ignore resizes with excessive number of rows or columns,
++        // see https://gitlab.gnome.org/GNOME/vte/-/issues/2786
++        if (x < 2 ||  /* space for one wide character */
++            x > 511 ||
++            y < 1 ||
++            y > 511)
++                return;
++
++        _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window' %d columns %d rows.\n",
++                         x, y);
+         g_signal_emit(m_terminal, signals[SIGNAL_MOVE_WINDOW], 0, x, y);
+ }
+ 
+@@ -4341,8 +4350,6 @@ Terminal::DECSLPP(vte::parser::Sequence const& seq)
+         else if (param < 24)
+                 return;
+ 
+-        _vte_debug_print(VTE_DEBUG_EMULATION, "Resizing to %d rows.\n", param);
+-
+         emit_resize_window(m_column_count, param);
+ }
+ 
+@@ -8439,9 +8446,6 @@ Terminal::XTERM_WM(vte::parser::Sequence const& seq)
+                 seq.collect(1, {&height, &width});
+ 
+                 if (width != -1 && height != -1) {
+-                        _vte_debug_print(VTE_DEBUG_EMULATION,
+-                                         "Resizing window to %d columns, %d rows.\n",
+-                                         width, height);
+                         emit_resize_window(width, height);
+                 }
+                 break;
+-- 
+2.27.0
+
diff --git a/vte291.spec b/vte291.spec
index f74f90e..e3c5b0b 100644
--- a/vte291.spec
+++ b/vte291.spec
@@ -1,6 +1,6 @@
 Name:           vte291
 Version:        0.54.1
-Release:        5
+Release:        6
 Summary:        Virtual terminal widget
 License:        LGPLv2+ and GPLv3+
 URL:            http://www.gnome.org/
@@ -8,6 +8,7 @@ Source0:        http://download.gnome.org/sources/vte/0.54/vte-%{version}.tar.xz
 Patch0000:      vte291-Fix-the-build-with-GCC-8.1.1.patch
 Patch0001:      vte291-command-notify-scroll-speed.patch
 Patch0002:      Fix-build-empty-struct-definition.patch
+Patch0003:      0001-fix-CVE-2024-37535.patch 
 
 BuildRequires:  gcc-c++ gettext pkgconfig(gnutls) >= 3.2.7
 BuildRequires:  gobject-introspection-devel gperf pkgconfig(gtk+-3.0) >= 3.8.0
@@ -63,6 +64,9 @@ LDFLAGS="$LDFLAGS -Wl,-z,relro -Wl,-z,now -pie" \
 %{_datadir}/vala/
 
 %changelog
+* Fri Jul  5 CST 2024 happyworker <208suo@208suo.com> - 0.54.1-6
+- Fix CVE-2024-37535
+
 * Mon Nov 08 2021 chenchen <chen_aka_jan@163.com> - 0.54.1-5
 - Fix build empty struct definition