diff --git a/tiff-4.0.4-uninitialized_mem_NeXTDecode.patch b/tiff-4.0.4-uninitialized_mem_NeXTDecode.patch
new file mode 100644
index 0000000..1c4b9ef
--- /dev/null
+++ b/tiff-4.0.4-uninitialized_mem_NeXTDecode.patch
@@ -0,0 +1,36 @@
+--- libtiff/tif_next.c	29 Dec 2014 12:09:11 -0000	1.16
++++ libtiff/tif_next.c	27 Dec 2015 16:55:20 -0000	1.17
+@@ -37,7 +37,7 @@
+ 	case 0:	op[0]  = (unsigned char) ((v) << 6); break;	\
+ 	case 1:	op[0] |= (v) << 4; break;	\
+ 	case 2:	op[0] |= (v) << 2; break;	\
+-	case 3:	*op++ |= (v);	   break;	\
++	case 3:	*op++ |= (v);	   op_offset++; break;	\
+ 	}					\
+ }
+ 
+@@ -106,6 +106,7 @@
+ 			uint32 imagewidth = tif->tif_dir.td_imagewidth;
+             if( isTiled(tif) )
+                 imagewidth = tif->tif_dir.td_tilewidth;
++            tmsize_t op_offset = 0;
+ 
+ 			/*
+ 			 * The scanline is composed of a sequence of constant
+@@ -122,10 +123,15 @@
+ 				 * bounds, potentially resulting in a security
+ 				 * issue.
+ 				 */
+-				while (n-- > 0 && npixels < imagewidth)
++				while (n-- > 0 && npixels < imagewidth && op_offset < scanline)
+ 					SETPIXEL(op, grey);
+ 				if (npixels >= imagewidth)
+ 					break;
++                if (op_offset >= scanline ) {
++                    TIFFErrorExt(tif->tif_clientdata, module, "Invalid data for scanline %ld",
++                        (long) tif->tif_row);
++                    return (0);
++                }
+ 				if (cc == 0)
+ 					goto bad;
+ 				n = *bp++, cc--;
diff --git a/tiff.changes b/tiff.changes
index 2e3ae43..9b70785 100644
--- a/tiff.changes
+++ b/tiff.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jan 11 13:53:42 UTC 2016 - kstreitova@suse.com
+
+- add tiff-4.0.4-uninitialized_mem_NeXTDecode.patch to fix
+  uninitialized memory in NeXTDecode (upstream bug #2508)
+  [bnc#942690]
+
 -------------------------------------------------------------------
 Tue Dec  8 15:55:30 UTC 2015 - p.drouand@gmail.com
 
diff --git a/tiff.spec b/tiff.spec
index f7f9988..0137efb 100644
--- a/tiff.spec
+++ b/tiff.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package tiff
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,13 +29,12 @@ Source3:        baselibs.conf
 Patch0:         tiff-4.0.3-seek.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
 Patch1:         tiff-4.0.3-compress-warning.patch
+# http://bugzilla.maptools.org/show_bug.cgi?id=2508
+Patch2:         tiff-4.0.4-uninitialized_mem_NeXTDecode.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libjpeg-devel
 BuildRequires:  libtool
 BuildRequires:  zlib-devel
-# FYI: this issue is solved another way
-# http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
-# Patch9:         tiff-%{version}-lzw-CVE-2009-2285.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if 0%{?suse_version} > 1030
 BuildRequires:  lzma-devel
@@ -94,6 +93,7 @@ the libtiff library.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2
 
 %build
 CFLAGS="%{optflags} -fPIE"