Hello World

Dedicated to vulnerability research at Ant Security Light-Year Lab, with a current focus on LLM Security and its intersection with traditional binary and system-level security.


This is my ongoing security research journey — a public log of vulnerabilities reported to and acknowledged by vendors, alongside awards, public contributions, and work in progress.

Work conducted under NDA or as internal corporate research — including during my tenure at Huawei (2022.08–2025.04) — is excluded from this chronicle, per disclosure and publication restrictions.

Year – 2021

Chromium:

  • CVE-2021-37972 : Out-of-bounds read in libjpeg-turbo

LibRaw:

  • CVE-2021-38236 : Heap-buffer-overflow in raw2image.cpp
  • CVE-2021-38235 : Heap-buffer-overflow in fp_dng.cpp

数科OFD阅读器:

  • CNVD-2021-102082, CNNVD-202111-2224, CNNVD-202111-2225 : Integer overflow leading to buffer overflow in pdfdom.dll
  • CNVD-2022-00039–00048 : Uncontrolled resource consumption in suwellofdapp.exe
  • CNVD-2022-00049 : Arbitrary address access in swd20.dll

Year – 2022

Chromium:

  • Issue 1312736, Issue 1327884 : Null-dereference in PDFium

  • Issue 1314658 : Heap-use-after-free in PDFium CPDFSDK_AppStream::Write

Year – 2025

Tianwang Cup (National AI Security Challenge):

  • 1st Place, Large Language Model Track


Hello World
https://mundi-xu.github.io/2018/10/25/hello-world/
Author
煊宇
Posted on
October 25, 2018
Licensed under