Hello World
Dedicated to vulnerability research at Ant Security Light-Year Lab, with a current focus on LLM Security and its intersection with traditional binary and system-level security.
This is my ongoing security research journey — a public log of vulnerabilities reported to and acknowledged by vendors, alongside awards, public contributions, and work in progress.
Work conducted under NDA or as internal corporate research — including during my tenure at Huawei (2022.08–2025.04) — is excluded from this chronicle, per disclosure and publication restrictions.
Year – 2021
Chromium:
- CVE-2021-37972 : Out-of-bounds read in libjpeg-turbo
LibRaw:
- CVE-2021-38236 : Heap-buffer-overflow in raw2image.cpp
- CVE-2021-38235 : Heap-buffer-overflow in fp_dng.cpp
数科OFD阅读器:
- CNVD-2021-102082, CNNVD-202111-2224, CNNVD-202111-2225 : Integer overflow leading to buffer overflow in pdfdom.dll
- CNVD-2022-00039–00048 : Uncontrolled resource consumption in suwellofdapp.exe
- CNVD-2022-00049 : Arbitrary address access in swd20.dll
Year – 2022
Chromium:
Issue 1312736, Issue 1327884 : Null-dereference in PDFium
Issue 1314658 : Heap-use-after-free in PDFium CPDFSDK_AppStream::Write
Year – 2025
Tianwang Cup (National AI Security Challenge):
- 1st Place, Large Language Model Track