diff --git a/rpm-4.16.1.3-pgp-explicit-pointer-increment.patch b/rpm-4.16.1.3-pgp-explicit-pointer-increment.patch
new file mode 100644
index 0000000..217597a
--- /dev/null
+++ b/rpm-4.16.1.3-pgp-explicit-pointer-increment.patch
@@ -0,0 +1,12 @@
+diff -up rpm-4.16.1.3/rpmio/rpmpgp.c.orig rpm-4.16.1.3/rpmio/rpmpgp.c
+--- rpm-4.16.1.3/rpmio/rpmpgp.c.orig	2024-07-11 13:20:04.872431485 +0200
++++ rpm-4.16.1.3/rpmio/rpmpgp.c	2024-07-11 13:20:33.828279453 +0200
+@@ -619,7 +619,7 @@ static int pgpPrtSig(pgpTag tag, const u
+ 	p = &v->hashlen[0];
+ 	if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
+ 	    return 1;
+-	p += sizeof(v->hashlen);
++	p = h + sizeof(v);
+ 
+ 	if ((p + plen) > (h + hlen))
+ 	    return 1;
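Review bot: The new line `p = h + sizeof(v);` does not compute the same address as the removed `p += sizeof(v->hashlen);` — `v` is dereferenced with `->` two lines above, so `sizeof(v)` is the size of the pointer itself, whereas the original left `p` at the end of the `hashlen` field (`&v->hashlen[0]` plus `sizeof(v->hashlen)`). Since `p` then feeds the `(p + plen) > (h + hlen)` bounds check and, presumably, the parsing that follows, the shifted offset would both mis-parse the signature packet and make that length check measure from the wrong start. If `hashlen` is the last member of `*v` and the struct has no trailing padding, `p = h + sizeof(*v);` gives the address the original computed without ever pointing `p` past the `hashlen` array; otherwise spell it out as `p = h + offsetof(<struct-tag-of-*v>, hashlen) + sizeof(v->hashlen);` (struct tag is a placeholder, it is not visible here). The body of pgpPrtSig starts and ends outside this hunk, so the later uses of `p` cannot be checked from the patch alone.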
diff --git a/rpm.spec b/rpm.spec
index 108e55f..8a52d3c 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -133,6 +133,7 @@ Patch916: 0006-debugedit-Handle-DWARF-5-debug_line-and-debug_line_s.patch
 Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch
 Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch
 Patch1002: 0001-Macroize-find-debuginfo-script-location.patch
+Patch1003: rpm-4.16.1.3-pgp-explicit-pointer-increment.patch
 
 # Partially GPL/LGPL dual-licensed and some bits with BSD
 # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
@@ -664,6 +665,7 @@ fi
 * Thu Jul 11 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-31
 - Fix potential use of uninitialized pipe array (RHEL-22604)
 - Fix potential use of uninitialized pgp struct (RHEL-22605)
+- Don't confuse OpenScanHub with false array overrun (RHEL-22607)
 
 * Mon Jun 03 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-30
 - Don't segfault on missing priority tag (RHEL-35249)