diff --git a/audiofile-0.3.6-CVE-2022-24599.patch b/audiofile-0.3.6-CVE-2022-24599.patch
new file mode 100644
index 0000000..18237d0
--- /dev/null
+++ b/audiofile-0.3.6-CVE-2022-24599.patch
@@ -0,0 +1,45 @@
+diff --git a/sfcommands/printinfo.c b/sfcommands/printinfo.c
+index 60e6947..f5cf925 100644
+--- a/sfcommands/printinfo.c
++++ b/sfcommands/printinfo.c
+@@ -37,6 +37,7 @@
+ #include <stdint.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <limits.h>
+
+ static char *copyrightstring (AFfilehandle file);
+
+@@ -147,7 +148,11 @@ static char *copyrightstring (AFfilehandle file)
+ 	int		i, misccount;
+
+ 	misccount = afGetMiscIDs(file, NULL);
+-	miscids = (int *) malloc(sizeof (int) * misccount);
++	if(!misccount)
++		return NULL;
++	miscids = (int *) calloc(misccount, sizeof(int));
++	if(!miscids)
++		return NULL;
+ 	afGetMiscIDs(file, miscids);
+
+ 	for (i=0; i<misccount; i++)
+@@ -159,13 +164,16 @@ static char *copyrightstring (AFfilehandle file)
+ 			If this code executes, the miscellaneous chunk is a
+ 			copyright chunk.
+ 		*/
+-		int datasize = afGetMiscSize(file, miscids[i]);
+-		char *data = (char *) malloc(datasize);
++		size_t datasize = afGetMiscSize(file, miscids[i]);
++		if(datasize >= INT_MAX -1 ) {
++			goto error;
++		}
++		char *data = (char *) calloc(datasize + 1, 1);
+ 		afReadMisc(file, miscids[i], data, datasize);
+ 		copyright = data;
+ 		break;
+ 	}
+-
++error:
+ 	free(miscids);
+
+ 	return copyright;
diff --git a/audiofile.spec b/audiofile.spec
index bb1c6ab..4e71aec 100644
--- a/audiofile.spec
+++ b/audiofile.spec
@@ -3,7 +3,7 @@
 Summary: Library for accessing various audio file formats
 Name: audiofile
 Version: 0.3.6
-Release: 35%{?dist}
+Release: 36%{?dist}
 Epoch: 1
 # library is LGPL / the two programs GPL / see README
 License: LGPL-2.1-or-later and GPL-2.0-or-later
@@ -30,6 +30,7 @@ Patch6: 822b732fd31ffcb78f6920001e9b1fbd815fa712.patch
 Patch7: 941774c8c0e79007196d7f1e7afdc97689f869b3.patch
 Patch8: fde6d79fb8363c4a329a184ef0b107156602b225.patch
 Patch9: integer-overflow.patch
+Patch10: audiofile-0.3.6-CVE-2022-24599.patch
 
 %description
 The Audio File library is an implementation of the Audio File Library
@@ -50,17 +51,17 @@ other resources you can use to develop Audio File applications.
 
 %prep
 %setup -q
-%patch0 -p1 -b .CVE-2015-7747
-%patch1 -p1 -b .left-shift-neg
-%patch2 -p1 -b .narrowing-conversion
-%patch3 -p1 -b .pull42
-%patch4 -p1 -b .pull43
-%patch5 -p1 -b .pull44
-%patch6 -p1 -b .CVE-2018-17095
-%patch7 -p1 -b .CVE-2018-13440
-%patch8 -p1 -b .CVE-2018-13440
-%patch9 -p1 -b .integer-overflow
-
+%patch -P 0 -p1 -b .CVE-2015-7747
+%patch -P 1 -p1 -b .left-shift-neg
+%patch -P 2 -p1 -b .narrowing-conversion
+%patch -P 3 -p1 -b .pull42
+%patch -P 4 -p1 -b .pull43
+%patch -P 5 -p1 -b .pull44
+%patch -P 6 -p1 -b .CVE-2018-17095
+%patch -P 7 -p1 -b .CVE-2018-13440
+%patch -P 8 -p1 -b .CVE-2018-13440
+%patch -P 9 -p1 -b .integer-overflow
+%patch -P 10 -p1 -b .CVE-2022-24599
 
 %build
 %configure --disable-rpath
@@ -100,6 +101,9 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/sfinfo
 %{_mandir}/man3/*
 
 %changelog
+* Mon Nov 13 2023 Gwyn Ciesla <gwync@protonmail.com> - 1:0.3.6-36
+Patch for CVE-2022-24599
+
 * Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.6-35
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild