diff --git a/backport-CVE-2022-1355.patch b/backport-CVE-2022-1355.patch
new file mode 100644
index 0000000..20d7258
--- /dev/null
+++ b/backport-CVE-2022-1355.patch
@@ -0,0 +1,56 @@
+From fb1db384959698edd6caeea84e28253d272a0f96 Mon Sep 17 00:00:00 2001
+From: Su_Laus
+Date: Sat, 2 Apr 2022 22:33:31 +0200
+Subject: [PATCH] tiffcp: avoid buffer overflow in "mode" string (fixes #400)
+
+---
+ tools/tiffcp.c | 25 ++++++++++++++++++++-----
+ 1 file changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 1c81322..83b3910 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -247,19 +247,34 @@ main(int argc, char* argv[])
+ deftilewidth = atoi(optarg);
+ break;
+ case 'B':
+- *mp++ = 'b'; *mp = '\0';
++ if (strlen(mode) < (sizeof(mode) - 1))
++ {
++ *mp++ = 'b'; *mp = '\0';
++ }
+ break;
+ case 'L':
+- *mp++ = 'l'; *mp = '\0';
++ if (strlen(mode) < (sizeof(mode) - 1))
++ {
++ *mp++ = 'l'; *mp = '\0';
++ }
+ break;
+ case 'M':
+- *mp++ = 'm'; *mp = '\0';
++ if (strlen(mode) < (sizeof(mode) - 1))
++ {
++ *mp++ = 'm'; *mp = '\0';
++ }
+ break;
+ case 'C':
+- *mp++ = 'c'; *mp = '\0';
++ if (strlen(mode) < (sizeof(mode) - 1))
++ {
++ *mp++ = 'c'; *mp = '\0';
++ }
+ break;
+ case '8':
+- *mp++ = '8'; *mp = '\0';
++ if (strlen(mode) < (sizeof(mode)-1))
++ {
++ *mp++ = '8'; *mp = '\0';
++ }
+ break;
+ case 'x':
+ pageInSeq = 1;
+--
+2.27.0
+
diff --git a/libtiff.spec b/libtiff.spec
index f73b71b..881d0e8 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,6 +1,6 @@
 Name: libtiff
 Version: 4.1.0
-Release: 10
+Release: 11
 Summary: TIFF Library and Utilities
 License: libtiff
 URL: https://www.simplesystems.org/libtiff/
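Review bot: In the tools/tiffcp.c hunk carried by backport-CVE-2022-1355.patch, each of the five new guards (cases 'B', 'L', 'M', 'C', '8') tests `strlen(mode)` but then writes through `mp`, so the bound holds only while `mp` points at the terminator of `mode`. Both are declared outside the hunk, so that invariant cannot be confirmed from here. Bounding the pointer itself ties the check to the write: `if (mp < mode + sizeof(mode) - 1) { *mp++ = 'b'; *mp = '\0'; }`. The guard also drops the surplus flag silently; a one-line warning on stderr in an else branch would tell the caller that a repeated option was ignored. Since the same block is repeated five times, a small static helper taking the character to append would keep the bound in one place.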
@@ -20,6 +20,7 @@ Patch6010: backport-CVE-2022-0907.patch Patch6011: backport-CVE-2022-0865.patch Patch6012: backport-CVE-2022-0909.patch Patch6013: backport-CVE-2022-0924.patch +Patch6014: backport-CVE-2022-1355.patch BuildRequires: gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel BuildRequires: libtool automake autoconf pkgconfig git @@ -126,6 +127,9 @@ find html -name 'Makefile*' | xargs rm %exclude %{_datadir}/html/man/tiffgt.1.html %changelog +* Wed May 18 2022 liuyumeng - 4.1.0-11 +- fix CVE-2022-1355 + * Sat Apr 02 2022 dongyuzhen - 4.1.0-10 - fix CVE-2022-0909,CVE-2022-0924