diff --git a/backport-fix-CVE-2025-8534.patch b/backport-fix-CVE-2025-8534.patch
new file mode 100644
index 0000000000000000000000000000000000000000..99c04cbbad50e76ed30ee6a2098222c8391179e7
--- /dev/null
+++ b/backport-fix-CVE-2025-8534.patch
@@ -0,0 +1,57 @@
+From 6ba36f159fd396ad11bf6b7874554197736ecc8b Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sat, 2 Aug 2025 18:55:54 +0200
+Subject: [PATCH] tiff2ps: check return of TIFFGetFiled() for
+ TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer
+ dereference.
+
+Closes #718
+---
+ tools/unsupported/tiff2ps.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/tools/unsupported/tiff2ps.c b/tools/unsupported/tiff2ps.c
+index 541495d..d6a54b4 100644
+--- a/tools/unsupported/tiff2ps.c
++++ b/tools/unsupported/tiff2ps.c
+@@ -2432,12 +2432,22 @@ int PS_Lvl2page(FILE *fd, TIFF *tif, uint32_t w, uint32_t h)
+     if (tiled_image)
+     {
+         num_chunks = TIFFNumberOfTiles(tif);
+-        TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc);
++        if (!TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc))
++        {
++            TIFFError(filename,
++                      "Can't read bytecounts of tiles at PS_Lvl2page()");
++            return (FALSE);
++        }
+     }
+     else
+     {
+         num_chunks = TIFFNumberOfStrips(tif);
+-        TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
++        if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
++        {
++            TIFFError(filename,
++                      "Can't read bytecounts of strips at PS_Lvl2page()");
++            return (FALSE);
++        }
+     }
+ 
+     if (use_rawdata)
+@@ -3107,7 +3117,11 @@ void PSRawDataBW(FILE *fd, TIFF *tif, uint32_t w, uint32_t h)
+     (void)w;
+     (void)h;
+     TIFFGetFieldDefaulted(tif, TIFFTAG_FILLORDER, &fillorder);
+-    TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
++    if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
++    {
++        TIFFError(filename, "Can't read bytecounts of strips at PSRawDataBW()");
++        return;
++    }
+ 
+     /*
+      * Find largest strip:
+-- 
+2.47.3
+
diff --git a/libtiff.spec b/libtiff.spec
index a748c55170b43a45ec023dfde87bb6ddc1973f3c..1034ecc76bc29c22b1c3f215d802ac634a3cbeb4 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,4 +1,4 @@
-%define anolis_release 2
+%define anolis_release 3
 Summary:       Library of functions for manipulating TIFF format image files
 Name:          libtiff
 Version:       4.6.0
@@ -24,6 +24,9 @@ Patch2:        CVE-2023-6228.patch
 # https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a
 Patch3:        Fix-CVE-2023-52356.patch
 
+# https://gitlab.com/libtiff/libtiff/-/merge_requests/746
+Patch4:        backport-fix-CVE-2025-8534.patch
+
 %description
 The libtiff package contains a library of functions for manipulating
 TIFF (Tagged Image File Format) image format files.  TIFF is a widely
@@ -126,6 +129,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/
 %{_mandir}/man1/tiffsplit.1*
 
 %changelog
+* Wed Aug 13 2025 wenxin <wx02272781@alibaba-inc.com> - 4.6.0-3
+- Add patch to fix CVE-2025-8534
+
 * Fri Mar 14 2025 mgb01105731 <mgb01105731@alibaba-inc.com> - 4.6.0-2
 - to #IAGL52
 - Add patch to fix CVE-2023-52356