diff --git a/tiff-CVE-2016-10271.patch b/tiff-CVE-2016-10271.patch
new file mode 100644
index 0000000..919cb82
--- /dev/null
+++ b/tiff-CVE-2016-10271.patch
@@ -0,0 +1,11 @@
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8* buf)
+                                   (unsigned long) strip, (unsigned long)rows);
+                         return 0;
+                 }
+-                bufp += bytes_read;
++                bufp += stripsize;
+         }
+ 
+         return 1;
diff --git a/tiff.changes b/tiff.changes
index ad0aa7b..268f073 100644
--- a/tiff.changes
+++ b/tiff.changes
@@ -24,6 +24,11 @@ Wed Mar 29 07:55:02 UTC 2017 - fstrba@suse.com
       attackers to cause a denial of service (heap-based buffer
       over-read) or possibly have unspecified other impact via a
       crafted TIFF image (bsc#1031250)
+  * tiff-CVE-2016-10271.patch
+    + Upstream fix for CVE-2016-10271, LibTIFF 4.0.7 allows remote
+	  attackers to cause a denial of service (heap-based buffer
+	  over-read and buffer overflow) or possibly have unspecified
+	  other impact via a crafted TIFF image (bsc#1031249)
   * tiff-CVE-2016-10272.patch
     + Upstream fix for CVE-2016-10272, LibTIFF 4.0.7 allows remote
 	  attackers to cause a denial of service (heap-based buffer
diff --git a/tiff.spec b/tiff.spec
index ce57f75..465f3e2 100644
--- a/tiff.spec
+++ b/tiff.spec
@@ -43,6 +43,7 @@ Patch7:         tiff-CVE-2016-10267.patch
 Patch8:         tiff-CVE-2016-10268.patch
 Patch9:         tiff-CVE-2016-10269.patch
 Patch10:        tiff-CVE-2016-10270.patch
+Patch11:        tiff-CVE-2016-10271.patch
 Patch12:        tiff-CVE-2016-10272.patch
 
 BuildRequires:  gcc-c++
@@ -115,6 +116,7 @@ the libtiff library.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 %patch12 -p1
 
 %build