diff --git a/Tests/images/crash-0c7e0e8e11ce787078f00b5b0ca409a167f070e0.tif b/Tests/images/crash-0c7e0e8e11ce787078f00b5b0ca409a167f070e0.tif
new file mode 100644
index 000000000..5275075e9
Binary files /dev/null and b/Tests/images/crash-0c7e0e8e11ce787078f00b5b0ca409a167f070e0.tif differ
diff --git a/Tests/images/crash-1185209cf7655b5aed8ae5e77784dfdd18ab59e9.tif b/Tests/images/crash-1185209cf7655b5aed8ae5e77784dfdd18ab59e9.tif
new file mode 100644
index 000000000..ecf7db38f
Binary files /dev/null and b/Tests/images/crash-1185209cf7655b5aed8ae5e77784dfdd18ab59e9.tif differ
diff --git a/Tests/images/crash-338516dbd2f0e83caddb8ce256c22db3bd6dc40f.tif b/Tests/images/crash-338516dbd2f0e83caddb8ce256c22db3bd6dc40f.tif
new file mode 100644
index 000000000..344d62b27
Binary files /dev/null and b/Tests/images/crash-338516dbd2f0e83caddb8ce256c22db3bd6dc40f.tif differ
diff --git a/Tests/images/crash-4f085cc12ece8cde18758d42608bed6a2a2cfb1c.tif b/Tests/images/crash-4f085cc12ece8cde18758d42608bed6a2a2cfb1c.tif
new file mode 100644
index 000000000..18197c15f
Binary files /dev/null and b/Tests/images/crash-4f085cc12ece8cde18758d42608bed6a2a2cfb1c.tif differ
diff --git a/Tests/images/crash-86214e58da443d2b80820cff9677a38a33dcbbca.tif b/Tests/images/crash-86214e58da443d2b80820cff9677a38a33dcbbca.tif
new file mode 100644
index 000000000..34e4f6014
Binary files /dev/null and b/Tests/images/crash-86214e58da443d2b80820cff9677a38a33dcbbca.tif differ
diff --git a/Tests/images/crash-f46f5b2f43c370fe65706c11449f567ecc345e74.tif b/Tests/images/crash-f46f5b2f43c370fe65706c11449f567ecc345e74.tif
new file mode 100644
index 000000000..c6774d459
Binary files /dev/null and b/Tests/images/crash-f46f5b2f43c370fe65706c11449f567ecc345e74.tif differ
diff --git a/Tests/test_tiff_crashes.py b/Tests/test_tiff_crashes.py
index eb2533466..4e68c5c55 100644
--- a/Tests/test_tiff_crashes.py
+++ b/Tests/test_tiff_crashes.py
@@ -24,8 +24,14 @@ from .helper import on_ci
         "Tests/images/crash_1.tif",
         "Tests/images/crash_2.tif",
         "Tests/images/crash-2020-10-test.tif",
-        "Tests/images/crash-1152ec2d1a1a71395b6f2ce6721c38924d025bf3.tif",
+        "Tests/images/crash-0c7e0e8e11ce787078f00b5b0ca409a167f070e0.tif",
         "Tests/images/crash-0e16d3bfb83be87356d026d66919deaefca44dac.tif",
+        "Tests/images/crash-1152ec2d1a1a71395b6f2ce6721c38924d025bf3.tif",
+        "Tests/images/crash-1185209cf7655b5aed8ae5e77784dfdd18ab59e9.tif",
+        "Tests/images/crash-338516dbd2f0e83caddb8ce256c22db3bd6dc40f.tif",
+        "Tests/images/crash-4f085cc12ece8cde18758d42608bed6a2a2cfb1c.tif",
+        "Tests/images/crash-86214e58da443d2b80820cff9677a38a33dcbbca.tif",
+        "Tests/images/crash-f46f5b2f43c370fe65706c11449f567ecc345e74.tif",
     ],
 )
 @pytest.mark.filterwarnings("ignore:Possibly corrupt EXIF data")
diff --git a/src/libImaging/TiffDecode.c b/src/libImaging/TiffDecode.c
index 2f92824c3..099f9ea65 100644
--- a/src/libImaging/TiffDecode.c
+++ b/src/libImaging/TiffDecode.c
@@ -55,6 +55,10 @@ _tiffReadProc(thandle_t hdata, tdata_t buf, tsize_t size) {
     TRACE(("_tiffReadProc: %d \n", (int)size));
     dump_state(state);
 
+    if (state->loc > state->eof) {
+        TIFFError("_tiffReadProc", "Invalid Read at loc %d, eof: %d", state->loc, state->eof);
+        return 0;
+    }
     to_read = min(size, min(state->size, (tsize_t)state->eof) - (tsize_t)state->loc);
     TRACE(("to_read: %d\n", (int)to_read));