diff --git a/libtiff-4.0.9-CVE-2017-17095.patch b/libtiff-4.0.9-CVE-2017-17095.patch
new file mode 100644
index 0000000..1077020
--- /dev/null
+++ b/libtiff-4.0.9-CVE-2017-17095.patch
@@ -0,0 +1,40 @@
+From 9171da596c88e6a2dadcab4a3a89dddd6e1b4655 Mon Sep 17 00:00:00 2001
+From: Nathan Baker
+Date: Thu, 25 Jan 2018 21:28:15 +0000
+Subject: [PATCH] Add workaround to pal2rgb buffer overflow.
+
+---
+ tools/pal2rgb.c | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
+index 0423598f0..01fcf9411 100644
+--- a/tools/pal2rgb.c
++++ b/tools/pal2rgb.c
+@@ -182,8 +182,21 @@ main(int argc, char* argv[])
+ { unsigned char *ibuf, *obuf;
+ register unsigned char* pp;
+ register uint32 x;
+- ibuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(in));
+- obuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(out));
++ tmsize_t tss_in = TIFFScanlineSize(in);
++ tmsize_t tss_out = TIFFScanlineSize(out);
++ if (tss_out / tss_in < 3) {
++ /*
++ * BUG 2750: The following code does not know about chroma
++ * subsampling of JPEG data. It assumes that the output buffer is 3x
++ * the length of the input buffer due to exploding the palette into
++ * RGB tuples. If this assumption is incorrect, it could lead to a
++ * buffer overflow. Go ahead and fail now to prevent that.
++ */
++ fprintf(stderr, "Could not determine correct image size for output. Exiting.\n");
++ return -1;
++ }
++ ibuf = (unsigned char*)_TIFFmalloc(tss_in);
++ obuf = (unsigned char*)_TIFFmalloc(tss_out);
+ switch (config) {
+ case PLANARCONFIG_CONTIG:
+ for (row = 0; row < imagelength; row++) {
+--
+GitLab
+
diff --git a/libtiff.spec b/libtiff.spec
index 071e6cc..7907502 100644
--- a/libtiff.spec
+++ b/libtiff.spec
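Review bot: The added guard `if (tss_out / tss_in < 3)` divides by `tss_in` without first rejecting a zero value, and `TIFFScanlineSize()` returns 0 when it cannot compute a scanline size, so a malformed input that makes that call fail turns the intended clean exit into a division-by-zero crash; the guard should read `if (tss_in <= 0 || tss_out / tss_in < 3) {`. The rewritten `_TIFFmalloc(tss_in)` / `_TIFFmalloc(tss_out)` calls are still unchecked, so a NULL result would be used by the conversion loop that follows; an `if (!ibuf || !obuf)` check taking the same error path would close that. The early `return -1` also leaves without `TIFFClose(in)` / `TIFFClose(out)` (presumably opened earlier in main), which likely leaves a partially written output file behind — worth confirming against the surrounding code. main() starts and ends outside the hunk.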
@@ -1,7 +1,7 @@
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
 Version: 4.0.9
-Release: 33%{?dist}
+Release: 34%{?dist}
 License: libtiff
 Group: System Environment/Libraries
 URL: http://www.simplesystems.org/libtiff/
@@ -59,6 +59,10 @@ Patch0043: 0043-CVE-2023-6228-Merge-branch-fix_606_tiffcp_check_also.patch
 # https://gitlab.com/libtiff/libtiff/-/commit/3705f82b6483c7906cf08cd6b9dcdcd59c61d779
 Patch44: libtiff-4.6.0-CVE-2024-7006.patch
+# from upstream, for < 4.0.10, RHEL-87363
+# https://gitlab.com/libtiff/libtiff/-/commit/9171da596c88e6a2dadcab4a3a89dddd6e1b4655
+Patch45: libtiff-4.0.9-CVE-2017-17095.patch
+
 BuildRequires: gcc, gcc-c++
 BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
 BuildRequires: libtool automake autoconf pkgconfig
@@ -211,6 +215,9 @@ find html -name 'Makefile*' | xargs rm
 %{_mandir}/man1/*
 %changelog
+* Tue Apr 22 2025 Michal Hlavinka - 4.0.9-34
+- fix CVE-2017-17095: heap-based buffer overflow in pal2rgb (RHEL-87363)
+
 * Thu Aug 29 2024 Michal Hlavinka - 4.0.9-33
 - fix CVE-2024-7006 a null pointer dereference in tif_dirinfo (RHEL-52927)
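Review bot: The `Patch45:` hunk declares the new patch but nothing in this diff applies it; unless %prep uses %autosetup or %autopatch (the %prep section is outside the hunks shown), a matching `%patch45 -p1` line is required or the backport silently never lands in the built binaries. Worth confirming in the build log that libtiff-4.0.9-CVE-2017-17095.patch is actually applied before this goes out. The Release bump and changelog entry are fine as written.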