diff --git a/Fix-CVE-2024-13978.patch b/Fix-CVE-2024-13978.patch
new file mode 100644
index 0000000000000000000000000000000000000000..002085508dc5fd4c5adfbf76a07412795810210e
--- /dev/null
+++ b/Fix-CVE-2024-13978.patch
@@ -0,0 +1,43 @@
+From 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4 Mon Sep 17 00:00:00 2001
+From: Lee Howard <faxguy@howardsilvan.com>
+Date: Sat, 5 Oct 2024 09:45:30 -0700
+Subject: [PATCH] Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH for valid
+ input, addresses issue #650
+
+Reference:https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4
+Conflict:Adapt tiff2pdf.c path and edit line
+---
+ tools/unsupported/tiff2pdf.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/tools/unsupported/tiff2pdf.c b/tools/unsupported/tiff2pdf.c
+index 6dfc239f1..2010feea8 100644
+--- a/tools/unsupported/tiff2pdf.c
++++ b/tools/unsupported/tiff2pdf.c
+@@ -1337,8 +1337,24 @@ void t2p_read_tiff_init(T2P *t2p, TIFF *input)
+             t2p->pdf_xrefcount += (t2p->tiff_tiles[i].tiles_tilecount - 1) * 2;
+             TIFFGetField(input, TIFFTAG_TILEWIDTH,
+                          &(t2p->tiff_tiles[i].tiles_tilewidth));
++            if (t2p->tiff_tiles[i].tiles_tilewidth < 1)
++            {
++                TIFFError(TIFF2PDF_MODULE, "Invalid tile width (%d), %s",
++                          t2p->tiff_tiles[i].tiles_tilewidth,
++                          TIFFFileName(input));
++                t2p->t2p_error = T2P_ERR_ERROR;
++                return;
++            }
+             TIFFGetField(input, TIFFTAG_TILELENGTH,
+                          &(t2p->tiff_tiles[i].tiles_tilelength));
++            if (t2p->tiff_tiles[i].tiles_tilelength < 1)
++            {
++                TIFFError(TIFF2PDF_MODULE, "Invalid tile length (%d), %s",
++                          t2p->tiff_tiles[i].tiles_tilelength,
++                          TIFFFileName(input));
++                t2p->t2p_error = T2P_ERR_ERROR;
++                return;
++            }
+             t2p->tiff_tiles[i].tiles_tiles = (T2P_TILE *)_TIFFmalloc(
+                 TIFFSafeMultiply(tmsize_t, t2p->tiff_tiles[i].tiles_tilecount,
+                                  sizeof(T2P_TILE)));
+-- 
+GitLab
diff --git a/libtiff.spec b/libtiff.spec
index 1034ecc76bc29c22b1c3f215d802ac634a3cbeb4..8f1ac2c3fe67fd904f3a1553479680a190b3d5c4 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 4
 Summary:       Library of functions for manipulating TIFF format image files
 Name:          libtiff
 Version:       4.6.0
@@ -26,6 +26,8 @@ Patch3:        Fix-CVE-2023-52356.patch
 
 # https://gitlab.com/libtiff/libtiff/-/merge_requests/746
 Patch4:        backport-fix-CVE-2025-8534.patch
+# https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4
+Patch5:        Fix-CVE-2024-13978.patch
 
 %description
 The libtiff package contains a library of functions for manipulating
@@ -129,6 +131,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/
 %{_mandir}/man1/tiffsplit.1*
 
 %changelog
+* Tue Sep 18 2025 wh02252983 <wh02252983@alibaba-inc.com> - 4.6.0-4
+- Add patch to fix CVE-2024-13978
+
 * Wed Aug 13 2025 wenxin <wx02272781@alibaba-inc.com> - 4.6.0-3
 - Add patch to fix CVE-2025-8534