diff --git a/backport-CVE-2023-2731.patch b/backport-CVE-2023-2731.patch
new file mode 100644
index 0000000..e946345
--- /dev/null
+++ b/backport-CVE-2023-2731.patch
@@ -0,0 +1,35 @@
+From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 29 Apr 2023 12:20:46 +0200
+Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a
+ strip whith a missing end-of-information marker (fixes #548)
+
+Reference:https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b
+Conflict:NA
+---
+ libtiff/tif_lzw.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
+index ba75a07e..d631fa10 100644
+--- a/libtiff/tif_lzw.c
++++ b/libtiff/tif_lzw.c
+@@ -423,6 +423,10 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s)
+ 
+     if (sp->read_error)
+     {
++        TIFFErrorExtR(tif, module,
++                      "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
++                      "previous error",
++                      tif->tif_row);
+         return 0;
+     }
+ 
+@@ -742,6 +746,7 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s)
+     return (1);
+ 
+ no_eoi:
++    sp->read_error = 1;
+     TIFFErrorExtR(tif, module,
+                   "LZWDecode: Strip %" PRIu32 " not terminated with EOI code",
+                   tif->tif_curstrip);
diff --git a/libtiff.spec b/libtiff.spec
index ab9959d..9239316 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.5.0
-Release:        3
+Release:        4
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://www.simplesystems.org/libtiff/
@@ -10,6 +10,7 @@ Patch6000:      backport-CVE-2022-48281.patch
 Patch6001:	backport-0001-CVE-2023-0795-0796-0797-0798-0799.patch
 Patch6002:	backport-0002-CVE-2023-0795-0796-0797-0798-0799.patch
 Patch6003:	backport-CVE-2023-0800-0801-0802-0803-0804.patch
+Patch6004:	backport-CVE-2023-2731.patch
 
 BuildRequires:  gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
 BuildRequires:  libtool automake autoconf pkgconfig
@@ -129,6 +130,9 @@ find doc -name 'Makefile*' | xargs rm
 %exclude %{_mandir}/man1/*
 
 %changelog
+* Wed May 24 2023 zhangpan <zhangpan103@h-partners.com> - 4.5.0-4
+- fix CVE-2023-2731
+
 * Thu Feb 20 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 4.5.0-3
 - delete old so files