Hello World

Last updated on a month ago

Focused on Fuzzing, Vulnerability Research, Reversing & Binary analysis.

Current work direction mainly includes Operating System, TEE, AI framework and Open Source Security, etc...

Following are list of vulnerabilities which i found and reported to vendors:

Due to company policy, the records of vulnerabilities discovered after August 2022 will not be updated.

Year – 2021

Chromium:

  • CVE-2021-37972 : Out of bounds read in libjpeg-turbo

LibRaw:

  • CVE-2021-38236 : heap-buffer-overflow in raw2image.cpp
  • CVE-2021-38235 : heap-buffer-overflow in fp_dng.cpp

北京数科网维技术有限责任公司 OFD 版式阅读器:

  • CNVD-2021-102082, CNNVD-202111-2224, CNNVD-202111-2225 : Integer Overflow to Buffer Overflow in pdfdom.dll
  • CNVD-2022-00039, CNVD-2022-00040, CNVD-2022-00041, CNVD-2022-00042, CNVD-2022-00043, CNVD-2022-00044, CNVD-2022-00045, CNVD-2022-00046, CNVD-2022-00047, CNVD-2022-00048 Uncontrolled Resource Consumption in suwellofdapp.exe
  • CNVD-2022-00049 : Arbitrary Address Access in swd20.dll

Year – 2022

Chromium:

  • Issue 1312736, Issue 1327884 : null-dereference in PDFium

  • Issue 1314658 : heap-use-after-free in PDFium CPDFSDK_AppStream::Write

#Security #about me
Hello World
https://mundi-xu.github.io/2018/10/25/hello-world/
Author
寒雨
Posted on
October 25, 2018
Licensed under