Hello World

Dedicated to vulnerability research and security assessment with a focus on LLM security and system security, alongside expertise in distributed databases, compilers and programming languages, cloud distributed software, and network middleware, among other areas.


Below is a list of vulnerabilities that I have identified and reported to vendors:

Please note that, in accordance with Huawei company policy, records of vulnerabilities discovered after August 2022 will not be updated.

Year – 2021

Chromium:

  • CVE-2021-37972 : Out of bounds read in libjpeg-turbo

LibRaw:

  • CVE-2021-38236 : heap-buffer-overflow in raw2image.cpp
  • CVE-2021-38235 : heap-buffer-overflow in fp_dng.cpp

北京数科网维技术有限责任公司 OFD layout reader:

  • CNVD-2021-102082, CNNVD-202111-2224, CNNVD-202111-2225 : Integer Overflow to Buffer Overflow in pdfdom.dll
  • CNVD-2022-00039, CNVD-2022-00040, CNVD-2022-00041, CNVD-2022-00042, CNVD-2022-00043, CNVD-2022-00044, CNVD-2022-00045, CNVD-2022-00046, CNVD-2022-00047, CNVD-2022-00048 : Uncontrolled Resource Consumption in suwellofdapp.exe
  • CNVD-2022-00049 : Arbitrary Address Access in swd20.dll

Year – 2022

Chromium:

  • Issue 1312736, Issue 1327884 : null-dereference in PDFium

  • Issue 1314658 : heap-use-after-free in PDFium CPDFSDK_AppStream::Write



https://mundi-xu.github.io/2018/10/25/hello-world/
Author: 寒雨
Posted on: October 25, 2018