diff --git a/pkgs/development/libraries/libtiff/default.nix b/pkgs/development/libraries/libtiff/default.nix
index c8871a4ba68e8c6..bbe583126b0b7c4 100644
--- a/pkgs/development/libraries/libtiff/default.nix
+++ b/pkgs/development/libraries/libtiff/default.nix
@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchFromGitLab
+, fetchpatch
 , nix-update-script
 , autoreconfHook
@@ -41,6 +42,18 @@ stdenv.mkDerivation (finalAttrs: {
 # libc++abi 11 has an `#include `, this picks up files name
 # `version` in the project's include paths
 ./rename-version.patch
+ # https://gitlab.com/libtiff/libtiff/-/issues/622
+ (fetchpatch {
+ name = "CVE-2023-52356.patch";
+ url = "https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a.patch";
+ hash = "sha256-A1G23MEUS1AvoREcKFqoqV2sYtCqIMfzPaIIFpZNBWE=";
+ })
+ # https://gitlab.com/libtiff/libtiff/-/issues/624
+ (fetchpatch {
+ name = "CVE-2024-7006.patch";
+ url = "https://gitlab.com/libtiff/libtiff/-/commit/818fb8ce881cf839fbc710f6690aadb992aa0f9e.patch";
+ hash = "sha256-XbRQtNxbNMofKTbeTsbHBKv96KTKSGngCepWPIVWLH4=";
+ })
 ];
 postPatch = ''
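Review bot: The two `fetchpatch` entries added to the `patches` list state no removal condition, so whoever next bumps the version has to rediscover from the issue tracker whether each fix is already part of the release. Above each entry I would extend the existing link comment, for example `# CVE-2023-52356: drop once src contains upstream commit 51558511bdbb`, and the same with `818fb8ce881c` for CVE-2024-7006. The commit-pinned URL together with the fixed-output `hash` already ties each patch to exact content, so nothing needs to change there. The enclosing `stdenv.mkDerivation` call starts and ends outside the hunk.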