diff --git a/libtiff-CVE-2022-22844.patch b/libtiff-CVE-2022-22844.patch
new file mode 100644
index 0000000..71c81c0
--- /dev/null
+++ b/libtiff-CVE-2022-22844.patch
@@ -0,0 +1,39 @@
+From 49b81e99704bd199a24ccce65f974cc2d78cccc4 Mon Sep 17 00:00:00 2001
+From: 4ugustus <wangdw.augustus@qq.com>
+Date: Tue, 4 Jan 2022 11:01:37 +0000
+Subject: [PATCH] fixing global-buffer-overflow in tiffset
+
+---
+ tools/tiffset.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/tools/tiffset.c b/tools/tiffset.c
+index 8c9e23c5..b7badd93 100644
+--- a/tools/tiffset.c
++++ b/tools/tiffset.c
+@@ -146,9 +146,19 @@ main(int argc, char* argv[])
+ 
+             arg_index++;
+             if (TIFFFieldDataType(fip) == TIFF_ASCII) {
+-                if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
+-                    fprintf( stderr, "Failed to set %s=%s\n",
+-                             TIFFFieldName(fip), argv[arg_index] );
++                if(TIFFFieldPassCount( fip )) {
++                    size_t len;
++                    len = (uint32_t)(strlen(argv[arg_index] + 1));
++                    if (TIFFSetField(tiff, TIFFFieldTag(fip),
++                            (uint16_t)len, argv[arg_index]) != 1)
++                        fprintf( stderr, "Failed to set %s=%s",
++                            TIFFFieldName(fip), argv[arg_index] );
++                } else {
++                    if (TIFFSetField(tiff, TIFFFieldTag(fip),
++                            argv[arg_index]) != 1)
++                        fprintf( stderr, "Failed to set %s=%s",
++                            TIFFFieldName(fip), argv[arg_index] );
++                }
+             } else if (TIFFFieldWriteCount(fip) > 0
+ 		       || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
+                 int     ret = 1;
+-- 
+GitLab
+
diff --git a/libtiff.spec b/libtiff.spec
index 2d2340f..c028d51 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,7 +1,7 @@
 Summary:       Library of functions for manipulating TIFF format image files
 Name:          libtiff
 Version:       4.3.0
-Release:       2%{?dist}
+Release:       3%{?dist}
 License:       libtiff
 URL:           http://www.simplesystems.org/libtiff/
 
@@ -9,6 +9,8 @@ Source:        http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
 
 Patch0:        libtiff-am-version.patch
 Patch1:        libtiff-make-check.patch
+# https://gitlab.com/libtiff/libtiff/-/merge_requests/287
+Patch2:        libtiff-CVE-2022-22844.patch
 
 BuildRequires: gcc, gcc-c++
 BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel
@@ -60,6 +62,7 @@ image files using the libtiff library.
 
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 # Use build system's libtool.m4, not the one in the package.
 rm -f libtool.m4
@@ -164,6 +167,9 @@ find html -name 'Makefile*' | xargs rm
 %{_mandir}/man1/*
 
 %changelog
+* Thu Jan 20 2022 Nikola Forró <nforro@redhat.com> - 4.3.0-3
+- Fix CVE-2022-22844 (#2042604)
+
 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild