diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000000000000000000000000000000000000..d87f5613ec4234f82f8eaeebc563711f587fdf88
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.xz filter=lfs diff=lfs merge=lfs -text
diff --git a/.lfsconfig b/.lfsconfig
new file mode 100644
index 0000000000000000000000000000000000000000..1f7a8e7ca02dbee5b3978ea26ea52cabc302cbbe
--- /dev/null
+++ b/.lfsconfig
@@ -0,0 +1,2 @@
+[lfs]
+	url = https://artlfs.openeuler.openatom.cn/src-openEuler/libtiff
diff --git a/CVE-2025-8176.patch b/CVE-2025-8176.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b81273a463baf01f7261500de10aae4e0b17d0e1
--- /dev/null
+++ b/CVE-2025-8176.patch
@@ -0,0 +1,113 @@
+From 3994cf3b3bc6b54c32f240ca5a412cffa11633fa Mon Sep 17 00:00:00 2001
+From: Lee Howard <faxguy@howardsilvan.com>
+Date: Mon, 19 May 2025 10:53:30 -0700
+Subject: [PATCH 1/3] Don't skip the first line of the input image.  Addresses
+ issue #703
+
+---
+ tools/tiffdither.c | 4 ++--
+ tools/tiffmedian.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/tools/tiffdither.c b/tools/tiffdither.c
+index 714fe03d4..bfed6df18 100644
+--- a/tools/tiffdither.c
++++ b/tools/tiffdither.c
+@@ -98,7 +98,7 @@ static int fsdither(TIFF *in, TIFF *out)
+     nextptr = nextline;
+     for (j = 0; j < imagewidth; ++j)
+         *nextptr++ = *inptr++;
+-    for (i = 1; i < imagelength; ++i)
++    for (i = 0; i < imagelength; ++i)
+     {
+         tmpptr = thisline;
+         thisline = nextline;
+@@ -146,7 +146,7 @@ static int fsdither(TIFF *in, TIFF *out)
+                     nextptr[0] += v / 16;
+             }
+         }
+-        if (TIFFWriteScanline(out, outline, i - 1, 0) < 0)
++        if (TIFFWriteScanline(out, outline, i, 0) < 0)
+             goto skip_on_error;
+     }
+     goto exit_label;
+diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
+index 02b0bc2b4..f6cf26c2c 100644
+--- a/tools/tiffmedian.c
++++ b/tools/tiffmedian.c
+@@ -917,7 +917,7 @@ static void quant_fsdither(TIFF *in, TIFF *out)
+     outline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
+ 
+     GetInputLine(in, 0, goto bad); /* get first line */
+-    for (i = 1; i <= imagelength; ++i)
++    for (i = 0; i <= imagelength; ++i)
+     {
+         SWAP(short *, thisline, nextline);
+         lastline = (i >= imax);
+@@ -997,7 +997,7 @@ static void quant_fsdither(TIFF *in, TIFF *out)
+                 nextptr += 3;
+             }
+         }
+-        if (TIFFWriteScanline(out, outline, i - 1, 0) < 0)
++        if (TIFFWriteScanline(out, outline, i, 0) < 0)
+             break;
+     }
+ bad:
+-- 
+GitLab
+
+
+From ce46f002eca4148497363f80fab33f9396bcbeda Mon Sep 17 00:00:00 2001
+From: Lee Howard <faxguy@howardsilvan.com>
+Date: Sat, 24 May 2025 21:25:16 -0700
+Subject: [PATCH 2/3] Fix tiffmedian bug #707
+
+---
+ tools/tiffmedian.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
+index f6cf26c2c..8c9978bab 100644
+--- a/tools/tiffmedian.c
++++ b/tools/tiffmedian.c
+@@ -414,7 +414,10 @@ static void get_histogram(TIFF *in, Colorbox *box)
+     for (i = 0; i < imagelength; i++)
+     {
+         if (TIFFReadScanline(in, inputline, i, 0) <= 0)
+-            break;
++        {
++            fprintf(stderr, "Error reading scanline\n");
++            exit(EXIT_FAILURE);
++        }
+         inptr = inputline;
+         for (j = imagewidth; j-- > 0;)
+         {
+-- 
+GitLab
+
+
+From ecc4ddbf1f0fed7957d1e20361e37f01907898e0 Mon Sep 17 00:00:00 2001
+From: Lee Howard <faxguy@howardsilvan.com>
+Date: Sat, 24 May 2025 21:38:09 -0700
+Subject: [PATCH 3/3] conflict resolution
+
+---
+ tools/tiffmedian.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
+index 8c9978bab..47e0524bc 100644
+--- a/tools/tiffmedian.c
++++ b/tools/tiffmedian.c
+@@ -920,7 +920,7 @@ static void quant_fsdither(TIFF *in, TIFF *out)
+     outline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
+ 
+     GetInputLine(in, 0, goto bad); /* get first line */
+-    for (i = 0; i <= imagelength; ++i)
++    for (i = 0; i < imagelength; ++i)
+     {
+         SWAP(short *, thisline, nextline);
+         lastline = (i >= imax);
+-- 
+GitLab
+
diff --git a/CVE-2025-8177.patch b/CVE-2025-8177.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9f7f1e323a3ab92ce13e84155aa4f3ec4530e107
--- /dev/null
+++ b/CVE-2025-8177.patch
@@ -0,0 +1,60 @@
+From 75d8eca6f106c01aadf76b8500a7d062b12f2d82 Mon Sep 17 00:00:00 2001
+From: Lee Howard <faxguy@howardsilvan.com>
+Date: Thu, 19 Jun 2025 11:51:33 -0700
+Subject: [PATCH 1/2] Fix for thumbnail issue #715
+
+---
+ tools/thumbnail.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/tools/thumbnail.c b/tools/thumbnail.c
+index 9cade913..63e6fad7 100644
+--- a/tools/thumbnail.c
++++ b/tools/thumbnail.c
+@@ -620,7 +620,15 @@ static void setrow(uint8_t *row, uint32_t nrows, const uint8_t *rows[])
+             }
+             acc += bits[*src & mask1];
+         }
+-        *row++ = cmap[(255 * acc) / area];
++        if (255 * acc / area < 256)
++        {
++            *row++ = cmap[(255 * acc) / area];
++        }
++        else
++        {
++            fprintf(stderr, "acc=%d, area=%d\n", acc, area);
++            row++;
++        }
+     }
+ }
+ 
+-- 
+GitLab
+
+
+From e8c9d6c616b19438695fd829e58ae4fde5bfbc22 Mon Sep 17 00:00:00 2001
+From: Lee Howard <faxguy@howardsilvan.com>
+Date: Mon, 23 Jun 2025 10:09:07 -0700
+Subject: [PATCH 2/2] set a default value - assumes cmap[0] was not, itself,
+ uninitialized
+
+---
+ tools/thumbnail.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/thumbnail.c b/tools/thumbnail.c
+index 63e6fad7..7e21f521 100644
+--- a/tools/thumbnail.c
++++ b/tools/thumbnail.c
+@@ -627,7 +627,7 @@ static void setrow(uint8_t *row, uint32_t nrows, const uint8_t *rows[])
+         else
+         {
+             fprintf(stderr, "acc=%d, area=%d\n", acc, area);
+-            row++;
++            *row++ = cmap[0];
+         }
+     }
+ }
+-- 
+GitLab
+
diff --git a/libtiff.spec b/libtiff.spec
index 76fbf02b67a639f13a4c0aadd1e7d18d422e5422..8a2e3c248af57b235a2d5ef19f76a9b4060d2735 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,10 +1,14 @@
 Name:           libtiff
 Version:        4.7.0
-Release:        1
+Release:        2
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://libtiff.gitlab.io/libtiff/
 Source0:        https://download.osgeo.org/libtiff/tiff-%{version}.tar.xz
+# https://gitlab.com/libtiff/libtiff/-/merge_requests/727
+Patch6001:      CVE-2025-8176.patch
+# https://gitlab.com/libtiff/libtiff/-/merge_requests/737
+Patch6002:      CVE-2025-8177.patch
 
 BuildRequires:  gcc gcc-c++
 BuildRequires:  zlib-devel
@@ -116,6 +120,9 @@ LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH %make_build check
 %doc TODO ChangeLog doc
 
 %changelog
+* Sat Jul 26 2025 Funda Wang <fundawang@yeah.net> - 4.7.0-2
+- fix CVE-2025-8176, CVE-2025-8177
+
 * Wed Sep 18 2024 Funda Wang <fundawang@yeah.net> - 4.7.0-1
 - update to 4.7.0
 
diff --git a/tiff-4.7.0.tar.xz b/tiff-4.7.0.tar.xz
index 60e54134ea6599c59afb96b568669061cd20929d..1439cc3075dba7e543fde899258b09d7b8b9a31b 100644
Binary files a/tiff-4.7.0.tar.xz and b/tiff-4.7.0.tar.xz differ