diff --git a/0006-Add-attributes-file-nodesize-check.patch b/0006-Add-attributes-file-nodesize-check.patch
new file mode 100644
index 0000000..0587cf9
--- /dev/null
+++ b/0006-Add-attributes-file-nodesize-check.patch
@@ -0,0 +1,35 @@
+From 6d709c18097b2b60a8583baf0714648a363b724e Mon Sep 17 00:00:00 2001
+From: lingsheng
+Date: Fri, 18 Dec 2020 10:52:36 +0800
+Subject: [PATCH] Add attributes file nodesize check
+
+---
+ tsk/fs/hfs.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c
+index 43dc2a9..636c4b7 100644
+--- a/tsk/fs/hfs.c
++++ b/tsk/fs/hfs.c
+@@ -3970,6 +3970,18 @@ hfs_load_extended_attrs(TSK_FS_FILE * fs_file,
+ return 0;
+ }
+
++ // Is the Attributes file nodesize valid?
++ // byte size of each node(512..32768)
++ if (attrFile.nodeSize < 512 || attrFile.nodeSize > 32768) {
++ if (tsk_verbose)
++ tsk_fprintf(stderr,
++ "hfs_load_extended_attrs: Attributes file nodesize is invalid\n");
++ close_attr_file(&attrFile);
++ *isCompressed = FALSE;
++ *cmpType = 0;
++ return 0;
++ }
++
+ // A place to hold one node worth of data
+ nodeData = (uint8_t *) malloc(attrFile.nodeSize);
+ if (nodeData == NULL) {
+--
+2.23.0
+
diff --git a/sleuthkit.spec b/sleuthkit.spec
index f11d76c..887852d 100644
--- a/sleuthkit.spec
+++ b/sleuthkit.spec
@@ -1,6 +1,6 @@
 Name: sleuthkit
 Version: 4.6.7
-Release: 4
+Release: 5
 Summary: Tools for file system and volume forensic analysis
 License: CPL and IBM and GPLv2+
 URL: http://www.sleuthkit.org
@@ -11,6 +11,7 @@ Patch2: 0002-Ensure-that-we-don-t-attempt-to-index-into-an-invali.patch
 Patch3: 0003-Fix-bug-introduced-with-imap-offset-check.patch
 Patch4: 0004-Cast-attrseq-address-to-uintptr_t-so-that-the-correc.patch
 Patch5: 0005-Fix-Fuzz-buffer-overflow.patch
+Patch6: 0006-Add-attributes-file-nodesize-check.patch
 BuildRequires: gcc-c++ afflib-devel >= 3.3.4 libewf-devel perl-generators sqlite-devel
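Review bot: The range test added to hfs_load_extended_attrs accepts every value from 512 through 32768, but an HFS+ B-tree node size must also be a power of two, so a malformed non-power-of-two size still reaches `malloc(attrFile.nodeSize)` and the node parsing that follows outside this hunk. Consider tightening the condition to `if (attrFile.nodeSize < 512 || attrFile.nodeSize > 32768 || (attrFile.nodeSize & (attrFile.nodeSize - 1)) != 0) {`. The rejection path reports only under `tsk_verbose` and returns 0 like the branch just above it; if 0 is this function's success value (not visible here), a corrupted Attributes file becomes indistinguishable from one with no extended attributes, which a forensic examiner would want surfaced as an error rather than silently skipped. Whether the later record-offset reads are bounded by nodeSize cannot be judged from this hunk and is worth confirming against the fuzz reproducer the changelog refers to.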
@@ -85,6 +86,9 @@ sed -i.rpath 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 %{_mandir}/man1/*
 %changelog
+* Fri Dec 18 2020 lingsheng - 4.6.7-5
+- Add attributes file nodesize check to fix heap overflow
+
 * Tue Dec 15 2020 Jiachen Fan - 4.6.7-4
 - fix oss-fuzz heap over flow