Iām a researcher in the field of software engineering. I mainly focus on software testing. I have successfully found more than 20 bugs in PDF readers such as Adobe Acrobat Reader and Foxit PDF Reader and and have assisted developers in fixing them. I hope I can help developers to write more secure code.
Iām going to UC Santa Barbara for my PhD degree.
š„ News
- 2022.12: Ā šš One paper is accepted by ICSE 2023!
š Publications
Operand-Variation-Oriented Differential Analysis for Fuzzing Binding Calls in PDF Readers
Suyue Guo, Xinyu Wang, Wei You, Bin Liang, Wenchang Shi, Yiwei Zhang, Jianjun Huang, Jian Zhang
- Artifact Evaluated with Reusable and Available badges.
š Honors and Awards
- 2020.11 National Scholarship(the highest honor for Chinese undergraduates).
- 2021 Defcon World Final 7th(with Nu1L Team).
I have found more than 20 bugs in the Javascript engine of PDF readers(e.g. Adobe Acrobat Reader and Foxit PDF Reader) and my work has been acknowledged by the vendors. You can find acknowledgement of me on bulletins of Adobe and Foxit.
ID | Type | Product | Ref Link |
---|---|---|---|
CVE-2022-34234 | UAF | Adobe Acrobat Reader | APSB22-32 |
CVE-2022-34873 | OOB Read | Foxit PDF Reader | ZDI-22-952 |
CVE-2022-28682 | OOB Read | Foxit PDF Reader | ZDI-22-773 |
CVE-2022-28683 | UAF | Foxit PDF Reader | ZDI-22-774 |
CVE-2022-37379 | UAF | Foxit PDF Reader | ZDI-22-1051 |
CVE-2022-37383 | OOB Read | Foxit PDF Reader | ZDI-22-1055 |
CVE-2022-37380 | OOB Read | Foxit PDF Reader | ZDI-22-1052 |
CVE-2022-37381 | Memory Corruption | Foxit PDF Reader | ZDI-22-1053 |
CVE-2022-37350 | OOB Read | PDF-XChange Editor | ZDI-22-1078 |
CVE-2022-37349 | OOB Read | PDF-XChange Editor | ZDI-22-1076 |
CVE-2022-34874 | OOB Read | Foxit PDF Reader | ZDI-22-951 |
CVE-2023-39487 | OOB Read | PDF-XChange Editor | ZDI-23-1126 |
CVE-2023-27366 | UAF | Foxit PDF Reader | ZDI-23-494 |
š Educations
- 2017.09 - 2021.06, B.E., School of Information, Remin University of China.
š» Experience
- Teaching Assistant, Renmin University of China.
- 2019 Summer, Programming Training.
- 2020 Fall, Software Security Analysis.
- 2021 Fall, Secure Programmming.
- 2022 Fall, Software Security Analysis and Testing.