Hello World

Specializing in Fuzzing, Vulnerability Research, Reverse Engineering, and Binary Analysis.

My current focus involves Operating Systems, Trusted Execution Environments (TEEs), AI frameworks, Open Source Security, and Database Security, among other areas.

---

Below is a list of vulnerabilities that I have identified and reported to vendors:

Please note that, in accordance with company policy, records of vulnerabilities discovered after August 2022 will not be updated.

Year – 2021

Chromium:

• CVE-2021-37972 : Out of bounds read in libjpeg-turbo

LibRaw:

• CVE-2021-38236 : heap-buffer-overflow in raw2image.cpp
• CVE-2021-38235 : heap-buffer-overflow in fp_dng.cpp

北京数科网维技术有限责任公司 OFD 版式阅读器:

• CNVD-2021-102082, CNNVD-202111-2224, CNNVD-202111-2225 : Integer Overflow to Buffer Overflow in pdfdom.dll
• CNVD-2022-00039, CNVD-2022-00040, CNVD-2022-00041, CNVD-2022-00042, CNVD-2022-00043, CNVD-2022-00044, CNVD-2022-00045, CNVD-2022-00046, CNVD-2022-00047, CNVD-2022-00048 Uncontrolled Resource Consumption in suwellofdapp.exe
• CNVD-2022-00049 : Arbitrary Address Access in swd20.dll

Year – 2022

Chromium:

• Issue 1312736, Issue 1327884 : null-dereference in PDFium

• Issue 1314658 : heap-use-after-free in PDFium CPDFSDK_AppStream::Write