diff --git a/debian/changelog b/debian/changelog
index e24fb2c..4ad68a0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,8 @@ freerdp2 (2.3.0+dfsg1-2+deb10u4) UNRELEASED; urgency=medium
 parameters. * Import fix for CVE-2022-24883 - FreeRDP Server authentication might allow invalid credentials to pass. + * Import fix for (see #1024511) + - CVE-2022-39316 - Out of bound read in zgfx decoder and -- Tobias Frost Sat, 28 Oct 2023 18:12:57 +0200
diff --git a/debian/patches/0053-CVE-2022-39316.patch b/debian/patches/0053-CVE-2022-39316.patch
new file mode 100644
index 0000000..ee8e241
--- /dev/null
+++ b/debian/patches/0053-CVE-2022-39316.patch
@@ -0,0 +1,50 @@
+Description: CVE-2022-39316 - Out of bound read in zgfx decoder
+Origin: https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0.patch
+Bug: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024511
+From e865c24efc40ebc52e75979c94cdd4ee2c1495b0 Mon Sep 17 00:00:00 2001
+From: akallabeth
+Date: Thu, 13 Oct 2022 09:09:28 +0200
+Subject: [PATCH] Added missing length checks in zgfx_decompress_segment
+
+(cherry picked from commit 64716b335858109d14f27b51acc4c4d71a92a816)
+---
+ libfreerdp/codec/zgfx.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/libfreerdp/codec/zgfx.c
++++ b/libfreerdp/codec/zgfx.c
+@@ -230,19 +230,19 @@
+ BYTE* pbSegment;
+ size_t cbSegment;
+
+- if (!zgfx || !stream)
++ if (!zgfx || !stream || (segmentSize < 2))
+ return FALSE;
+
+ cbSegment = segmentSize - 1;
+
+- if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize < 1) ||
+- (segmentSize > UINT32_MAX))
++ if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize > UINT32_MAX))
+ return FALSE;
+
+ Stream_Read_UINT8(stream, flags); /* header (1 byte) */
+ zgfx->OutputCount = 0;
+ pbSegment = Stream_Pointer(stream);
+- Stream_Seek(stream, cbSegment);
++ if (!Stream_SafeSeek(stream, cbSegment))
++ return FALSE;
+
+ if (!(flags & PACKET_COMPRESSED))
+ {
+@@ -350,6 +350,9 @@
+ if (count > sizeof(zgfx->OutputBuffer) - zgfx->OutputCount)
+ return FALSE;
+
++ if (count > zgfx->cBitsRemaining / 8)
++ return FALSE;
++
+ CopyMemory(&(zgfx->OutputBuffer[zgfx->OutputCount]), zgfx->pbInputCurrent,
+ count);
+ zgfx_history_buffer_ring_write(zgfx, zgfx->pbInputCurrent, count);
diff --git a/debian/patches/series b/debian/patches/series
index aa4df72..685137b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
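Review bot: The new guard `if (count > zgfx->cBitsRemaining / 8)` in the second inner hunk (@@ -350) carries no comment, although it is the check that actually bounds the CopyMemory read from `zgfx->pbInputCurrent` on the lines just below it; I would add `/* a literal run of count bytes must still be present in the unconsumed input; cBitsRemaining counts bits, so compare whole bytes */` above it. The integer division means a trailing partial input byte is not counted as available, which is the conservative direction for a read bound. The `Stream_SafeSeek` replacement in the first inner hunk is harmless but looks redundant, since the remaining-length check against segmentSize a few lines above already guarantees that cbSegment bytes follow the one-byte flags read; a one-line comment saying it is defence in depth would stop a later reader from hunting for the case it catches. Both inner hunks lie inside zgfx_decompress_segment, whose body starts and ends outside the patch, so whether the code after the copy also decrements cBitsRemaining by the consumed bytes cannot be confirmed from what is visible here.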
@@ -42,3 +42,4 @@
 0050-CVE-2021-41160.patch
 0051-CVE-2022-24882.patch
 0052-CVE-2022-24883.patch
+0053-CVE-2022-39316.patch