diff --git a/0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch b/0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a2eb48be6de2530148a2b551061e64eb222f542c
--- /dev/null
+++ b/0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
@@ -0,0 +1,22 @@
+diff -up vim80/src/regexp.c.cve1154 vim80/src/regexp.c
+--- vim80/src/regexp.c.cve1154 2022-04-09 12:01:30.054452927 +0200
++++ vim80/src/regexp.c 2022-04-09 12:02:48.987999877 +0200
+@@ -4415,8 +4415,17 @@ regmatch(
+ int mark = OPERAND(scan)[0];
+ int cmp = OPERAND(scan)[1];
+ pos_T *pos;
++ size_t col = REG_MULTI ? reginput - regline : 0;
+
+ pos = getmark_buf(rex.reg_buf, mark, FALSE);
++
++ // Line may have been freed, get it again.
++ if (REG_MULTI)
++ {
++ regline = reg_getline(reglnum);
++ reginput = regline + col;
++ }
++
+ if (pos == NULL /* mark doesn't exist */
+ || pos->lnum <= 0 /* mark isn't set in reg_buf */
+ || (pos->lnum == reglnum + rex.reg_firstlnum
+diff -up vim80/src/testdir/test_regexp_latin.vim.cve1154 vim80/src/testdir/test_regexp_latin.vim
diff --git a/download b/download
new file mode 100644
index 0000000000000000000000000000000000000000..1ff0096755a786e28548bccedb29198dc02ca437
--- /dev/null
+++ b/download
@@ -0,0 +1 @@
+44d6e48cd0af44856aba4aef224d1719 vim-8.0-1763.tar.bz2
diff --git a/vim-8.0-1763.tar.bz2 b/vim-8.0-1763.tar.bz2
deleted file mode 100644
index ad35d8f908dee55aadbca900dd3a13ce83f60c37..0000000000000000000000000000000000000000
Binary files a/vim-8.0-1763.tar.bz2 and /dev/null differ
diff --git a/vim.spec b/vim.spec
index 95ee3f9c5683c088ccf2c6a63db9bb2624184423..0f9d8af657ae596b2fe7c73ed762969441e5006e 100644
--- a/vim.spec
+++ b/vim.spec
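Review bot: The new patch file ends on a bare `diff -up vim80/src/testdir/test_regexp_latin.vim.cve1154 vim80/src/testdir/test_regexp_latin.vim` header with no hunk after it, so the backport carries no test for that file and nothing in the build exercises the re-fetch of `regline` after `getmark_buf()`. Either restore a test hunk adapted to this 8.0 tree or drop the dangling header line, so that the omission is deliberate and visible. The file also has no provenance header; a leading line such as `# Backport of upstream patch 8.2.4646 (<UPSTREAM_COMMIT>) for CVE-2022-1154; test hunk omitted: <REASON>` would make the fix auditable against upstream. The body of regmatch() starts and ends outside the inner hunk, so it cannot be checked from here whether other paths keep `regline` or `reginput` across calls that may release the line.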
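Review bot: The new `download` file pins `vim-8.0-1763.tar.bz2` with a 32-hex-digit digest, which is the length of an MD5 sum, while the same commit deletes the in-tree tarball, so the integrity of the upstream source now appears to rest on that one value. MD5 is not collision-resistant, and the unchanged `Source0` in vim.spec points at an `ftp://` URL, so a stronger digest is the only practical tamper check here. If the lookaside tooling accepts it, record a SHA-256 or SHA-512 entry instead, e.g. `<SHA256_OF_TARBALL> vim-8.0-1763.tar.bz2`. It is also worth confirming that the fetched archive is byte-identical to the blob being removed.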
@@ -25,7 +25,7 @@ Summary: The VIM editor URL: http://www.vim.org/ Name: vim Version: %{baseversion}.%{patchlevel} -Release: 16%{anolis_release}%{?dist}.12 +Release: 16%{anolis_release}%{?dist}.13 License: Vim and MIT Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2 Source1: vim.sh @@ -101,6 +101,8 @@ Patch3032: 0001-patch-8.2.4218-illegal-memory-access-with-bracketed-.patch Patch3033: 0001-patch-8.2.4253-using-freed-memory-when-substitute-wi.patch # CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository Patch3034: 0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch +# CVE-2022-1154 vim: use after free in utf_ptr2char +Patch3035: 0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch # Add by Anolis # backport patch to fix build error with ruby @@ -317,6 +319,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk %patch3032 -p1 -b .cve0392 %patch3033 -p1 -b .cve0413 %patch3034 -p1 -b .cve0361 +%patch3035 -p1 -b .cve1154 %patch10000 -p1 @@ -837,10 +840,13 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags %{_datadir}/icons/locolor/*/apps/* %changelog -* Mon Mar 21 2022 Mahailiang - 2:8.0.1763-16.0.1.12 +* Wed Apr 27 2022 Mahailiang - 2:8.0.1763-16.0.1.13 - Rebrand to Anolis(Xiaoxuan Yang) - Fix build issue with ruby(Liwei Ge) +* Sat Apr 09 2022 Zdenek Dohnal - 2:8.0.1763-16.13 +- CVE-2022-1154 vim: use after free in utf_ptr2char + * Tue Feb 08 2022 Zdenek Dohnal - 2:8.0.1763-16.12 - CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository