diff --git a/CVE-2022-0561_and_CVE-2022-0562.patch b/CVE-2022-0561_and_CVE-2022-0562.patch
new file mode 100644
index 0000000000000000000000000000000000000000..948b05779f9365284d28bd91af26838ecdcac36a
--- /dev/null
+++ b/CVE-2022-0561_and_CVE-2022-0562.patch
@@ -0,0 +1,25 @@
+diff -Npur opencv-4.5.2/3rdparty/libtiff/tif_dirread.c opencv-4.5.2-new/3rdparty/libtiff/tif_dirread.c
+--- opencv-4.5.2/3rdparty/libtiff/tif_dirread.c	2021-04-02 19:23:54.000000000 +0800
++++ opencv-4.5.2-new/3rdparty/libtiff/tif_dirread.c	2022-05-21 14:44:25.639756094 +0800
+@@ -4173,7 +4173,8 @@ TIFFReadDirectory(TIFF* tif)
+                     goto bad;
+                 }
+ 
+-                memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
++				if (old_extrasamples > 0)
++                    memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
+                 _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
+                 _TIFFfree(new_sampleinfo);
+         }
+@@ -5765,8 +5766,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEn
+ 			_TIFFfree(data);
+ 			return(0);
+ 		}
+-                _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
+-                _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
++		if( dir->tdir_count )
++			_TIFFmemcpy(resizeddata,data, (uint32)dir->tdir_count * sizeof(uint64));
++		_TIFFmemset(resizeddata+(uint32)dir->tdir_count, 0, (nstrips - (uint32)dir->tdir_count) * sizeof(uint64));
+ 		_TIFFfree(data);
+ 		data=resizeddata;
+ 	}
diff --git a/CVE-2022-0908.patch b/CVE-2022-0908.patch
new file mode 100644
index 0000000000000000000000000000000000000000..53f29746d757d8af0e3df00840b2dcc99acd8197
--- /dev/null
+++ b/CVE-2022-0908.patch
@@ -0,0 +1,15 @@
+diff -Npur opencv-4.5.2/3rdparty/libtiff/tif_dirread.c opencv-4.5.2-new/3rdparty/libtiff/tif_dirread.c
+--- opencv-4.5.2/3rdparty/libtiff/tif_dirread.c	2021-04-02 19:23:54.000000000 +0800
++++ opencv-4.5.2-new/3rdparty/libtiff/tif_dirread.c	2022-05-21 14:36:31.761285562 +0800
+@@ -5079,7 +5079,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEnt
+ 								_TIFFfree(data);
+ 							return(0);
+ 						}
+-						_TIFFmemcpy(o,data,(uint32)dp->tdir_count);
++						if (dp->tdir_count > 0 )
++						{
++							_TIFFmemcpy(o,data,(uint32)dp->tdir_count);
++						}
+ 						o[(uint32)dp->tdir_count]=0;
+ 						if (data!=0)
+ 							_TIFFfree(data);
diff --git a/opencv.spec b/opencv.spec
index 6df5d6e52363b9f1fc52c537704a9334f15bcd02..854fca92cb7d1c2f5cee673b637ae372ffeb1c19 100644
--- a/opencv.spec
+++ b/opencv.spec
@@ -1,6 +1,6 @@
 Name:		opencv
 Version:	4.5.2
-Release:	6
+Release:	7
 Summary:	OpenCV means Intel® Open Source Computer Vision Library.
 License:	Apache-2.0
 URL:		https://github.com/opencv/opencv
@@ -14,6 +14,8 @@ Source6:    opencv_extra-4.5.2.tar.gz.ae
 Patch1:     Fix-OpenCV-build-with-OpenEXR-before-2.2.0.patch
 Patch2:     Fix_compilation_of_copy_assignment_operators_with_GCC.patch
 Patch3:     Repair_clang_abi.patch
+Patch4:     CVE-2022-0561_and_CVE-2022-0562.patch
+Patch5:     CVE-2022-0908.patch
 BuildRequires:	gcc-c++ gcc autoconf pkgconfig protobuf-compiler protobuf
 BuildRequires:  cmake
 BuildRequires:  python3-numpy python3-devel
@@ -89,6 +91,9 @@ make install DESTDIR=%{buildroot}
 %{python3_sitelib}/cv2/*
 
 %changelog
+* Thu Nov 05 2022 shenwei <shenwei41@huawei.com> - 4.5.2-7
+- fix three cve bug of the opencv
+
 * Thu Jan 28 2022 douyan <douyan@kylinos.cn> - 4.5.2-6
 - add pkgconfig file