diff --git a/CHANGES.rst b/CHANGES.rst
index a93d09809..cdd209940 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -12,7 +12,10 @@ Changelog (Pillow)
 since Pillow 4.3.0.
   [rickprice]
 
-- Fix CVE-2021-2791
+- Fix CVE-2021-27291
+  [rickprice]
+
+- Fix CVE-2021-25290
   [rickprice]
 
 - Fix CVE-2021-25291
diff --git a/Tests/images/crash-0c7e0e8e11ce787078f00b5b0ca409a167f070e0.tif b/Tests/images/crash-0c7e0e8e11ce787078f00b5b0ca409a167f070e0.tif
new file mode 100644
index 000000000..5275075e9
Binary files /dev/null and b/Tests/images/crash-0c7e0e8e11ce787078f00b5b0ca409a167f070e0.tif differ
diff --git a/Tests/images/crash-1185209cf7655b5aed8ae5e77784dfdd18ab59e9.tif b/Tests/images/crash-1185209cf7655b5aed8ae5e77784dfdd18ab59e9.tif
new file mode 100644
index 000000000..ecf7db38f
Binary files /dev/null and b/Tests/images/crash-1185209cf7655b5aed8ae5e77784dfdd18ab59e9.tif differ
diff --git a/Tests/images/crash-338516dbd2f0e83caddb8ce256c22db3bd6dc40f.tif b/Tests/images/crash-338516dbd2f0e83caddb8ce256c22db3bd6dc40f.tif
new file mode 100644
index 000000000..344d62b27
Binary files /dev/null and b/Tests/images/crash-338516dbd2f0e83caddb8ce256c22db3bd6dc40f.tif differ
diff --git a/Tests/images/crash-4f085cc12ece8cde18758d42608bed6a2a2cfb1c.tif b/Tests/images/crash-4f085cc12ece8cde18758d42608bed6a2a2cfb1c.tif
new file mode 100644
index 000000000..18197c15f
Binary files /dev/null and b/Tests/images/crash-4f085cc12ece8cde18758d42608bed6a2a2cfb1c.tif differ
diff --git a/Tests/images/crash-86214e58da443d2b80820cff9677a38a33dcbbca.tif b/Tests/images/crash-86214e58da443d2b80820cff9677a38a33dcbbca.tif
new file mode 100644
index 000000000..34e4f6014
Binary files /dev/null and b/Tests/images/crash-86214e58da443d2b80820cff9677a38a33dcbbca.tif differ
diff --git a/Tests/images/crash-f46f5b2f43c370fe65706c11449f567ecc345e74.tif b/Tests/images/crash-f46f5b2f43c370fe65706c11449f567ecc345e74.tif
new file mode 100644
index 000000000..c6774d459
Binary files /dev/null and b/Tests/images/crash-f46f5b2f43c370fe65706c11449f567ecc345e74.tif differ
diff --git a/docs/releasenotes/6.2.2.4.rst b/docs/releasenotes/6.2.2.4.rst
index 122230220..45a389be3 100644
--- a/docs/releasenotes/6.2.2.4.rst
+++ b/docs/releasenotes/6.2.2.4.rst
@@ -11,4 +11,6 @@ since Pillow 4.3.0.
 
 :cve: `CVE-2021-25291`: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
 
+:cve: `CVE-2021-2791` : Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
 
+:cve: `CVE-2021-25290` : Fix negative size read in TiffDecode.c