Curriculum Vitae

Contact Information

Institution: Guangzhou Institute of Technology, Xidian University
Address: Guangzhou, Guangdong, China, 510530
Email: wencheng@xidian.edu.cn
Tel: 86-136*****1672
Homepage: https://wcventure.github.io

Education

ShenZhen University, ShenZhen, China
- Ph.D in Computer science and technology
- September 2019 – December 2022
- Supervisor: Prof. Shengchao Qin
ShenZhen University, ShenZhen, China
- M.E. in Software Engineering
- September 2015 – June 2018
- Supervisor: Prof. Shengchao Qin
ShenZhen University, ShenZhen, China
- B.E. in Software Engineering
- September 2011 – June 2015

Work experience

Xidian University, Guangzhou, China
- Lecturer in Guangzhou Institute of Technology
- December 2022 – Now

Research Experiment

Huawei Technologies Co., Ltd, Dongguan, China
- Intern in Trustworthiness Testing Engineering Lab
- September 2021 – December 2022
- Duties included: Formal verification of Secure Boot Module.
Huawei Technologies Co., Ltd, Dongguan, China
- Intern in Data Communication Trustworthiness Enabling and IPD Dept
- September 2020 – March 2021
- Duties included: Formal verification of Secure Boot Module.
Nanyang Technological University, Singapore
- Visiting researcher
- July 2018 – September 2019
- Duties included: MemLock: Memory Usage Guided Fuzzing; Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities.
- Supervisor: Prof. Liu Yang
ShenZhen University, ShenZhen, China
- Research Assistant
- July 2018 – September 2019
- Duties included: Type Learning for Binaries and its Applications; Extracting Automata from Neural Networks Using Active Learning.
- Supervisor: Dr. Zhiwu Xu

Research Interests

Trusted & Intelligent Software Engineering
Artificial Intelligence for SE (AI4SE)
Software Analysis and Testing
Programming Languages
Cyber Security
Formal methods

Publications

You can also find my articles on my Google Scholar profile.

2024

Cheng Wen, Jialun Cao, Jie Su, Zhiwu Xu, Shengchao Qin, Mengda He, Haokun Li, Shing-Chi Cheung, Cong Tian.
Enchanting Program Specification Synthesis by Large Language Models using Static Analysis and Program Verification.
Accepted by 36th International Conference on Computer Aided Verification (CAV). Montreal, Canada, 22-27th July 2024.
Learn more at https://sites.google.com/view/autospecification/
PDF, DOI, Code
Zhiwu Xu, Bohao Wu, Cheng Wen, Bin Zhang, Shengchao Qin, Mengda He.
RPG: Rust Library Fuzzing with Pool-based Fuzz Target Generation and Generic Support.
IEEE/ACM 46th International Conference on Software Engineering (ICSE). Lisbon, Poptugal, 14-20th April 2024.
Learn more at https://sites.google.com/view/rust-rpg/
PDF, DOI, Code

2022

Cheng Wen, Mengda He, Bohao Wu, Zhiwu Xu and Shengchao Qin.
Controlled Concurrency Testing via Periodical Scheduling.
IEEE/ACM 44th International Conference on Software Engineering (ICSE). PA, USA, 21-29th May 2022.
ICSE'22 Artifact Evaluation Committee awarded reusable badge and available badge for PERIOD!
Learn more at https://sites.google.com/view/period-cct/
PDF, BibTex, DOI, Slides, DataSet, Video, Code

2021

Zhiwu Xu, Cheng Wen, Shengchao Qin and Mengda He.
Extracting automata from neural networks using active learning.
PeerJ Computer Science. April 2021.
PDF, BibTex, DOI

2020

Cheng Wen, Haijun Wang, Yuekang Li, Shengchao Qin, Yang Liu, Zhiwu Xu, Hongxu Chen, Xiaofei Xie, Geguang Pu and Ting Liu.
MemLock: Memory Usage Guided Fuzzing.
IEEE/ACM 42nd International Conference on Software Engineering (ICSE). Seoul, South Korea, 5-11th October 2020.
ICSE'20 Artifact Evaluation Committee awarded reusable badge and available badge for MemLock!
Learn more at https://wcventure.github.io/MemLock/
PDF, BibTex, DOI, Slides, DataSet, Video, Code
Haijun Wang, Xiaofei Xie, Yi Li, Cheng Wen, Yang Liu, Shengchao Qin, Hongxu Chen and Yulei Sui.
Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities.
IEEE/ACM 42nd International Conference on Software Engineering (ICSE). Seoul, South Korea, 5-11 October 2020.
Learn more at https://sites.google.com/view/uafl/
PDF, BibTex, DOI, Slides, DataSet

2019

Zhiwu Xu, Cheng Wen, and Shengchao Qin.
Type Learning for Binaries and its Applications.
IEEE Transactions on Reliability (Volume: 68:893-912, Issue:3, Sep 2019)
PDF, BibTex, DOI, Slides, DataSet, Code

2018

Zhiwu Xu, Xiongya Hu, Cheng Wen, and Shengchao Qin.
Extracting Automata from Neural Networks Using Active Learning.
National Conference on Formal Methods and Applications (FMAC). Chongqin, China. 3-4th Nov 2018.
Best Paper Award
PDF, BibTex, DOI
Zhiwu Xu, Cheng Wen, and Shengchao Qin.
State-taint analysis for detecting resource bugs.
Science of Computer Programming. Elsevier, 162:93-109, 15th Sep 2018.
PDF, BibTex, DOI

2017

Zhiwu Xu, Cheng Wen, Shengchao Qin and Zhong Ming.
Effective malware detection based on behaviour and data features.
International Conference on Smart Computing and Communication (SmartCom). Springer, Cham, Shenzhen, China. 12-14th Dec 2017.
Best Student Paper Award
PDF, BibTex, DOI, Slides, Code
Zhiwu Xu, Cheng Wen, and Shengchao Qin.
Learning types for binaries.
International Conference on Formal Engineering Methods (ICFEM). Springer, Cham, Xi'an, China. 13-17th Nov 2017.
PDF, BibTex, DOI, Slides, DataSet, Code

Misc

Pages: Cheng Wen, To be continue, A Collection of Fuzzing Related Papers.
Blog: Yuekang Li and Cheng Wen, To be continue, For A Better Understanding of AFL on Code Level.
Survey: Cheng Wen, Stop maintenance, A Quick Survey of Active Automata Learning.
Website: Cheng Wen, Stop maintenance, The Official Website of MemLock Fuzzer.

Practical Security Impact

CVE ID (73)

Vulnerability	Package	Program	Vulnerability Type
CVE-2022-26291	lrzip v0.641	lrzip	Concurrency Use-after-free
CVE-2020-36375	MJS 1.20.1	mjs	Stack-overflow
CVE-2020-36374	MJS 1.20.1	mjs	Stack-overflow
CVE-2020-36373	MJS 1.20.1	mjs	Stack-overflow
CVE-2020-36372	MJS 1.20.1	mjs	Stack-overflow
CVE-2020-36371	MJS 1.20.1	mjs	Stack-overflow
CVE-2020-36370	MJS 1.20.1	mjs	Stack-overflow
CVE-2020-36369	MJS 1.20.1	mjs	Stack-overflow
CVE-2020-36368	MJS 1.20.1	mjs	Stack-overflow
CVE-2020-36367	MJS 1.20.1	mjs	Stack-overflow
CVE-2020-36366	MJS 1.20.1	mjs	Stack-overflow
CVE-2020-18900	libyal before 20181128	libexe	Heap Buffer Overflow
CVE-2020-18899	Exiv2 0.27	exiv2	Uncontrolled Memory Allocation
CVE-2020-18898	Exiv2 0.27	exiv2	Stack-overflow
CVE-2020-18897	libyal before 2018112	libpff	Use-after-free
CVE-2020-18395	GNU Gama 2.04	gama	NULL Pointer Dereference
CVE-2020-18392	MJS 1.20.1	mjs	Stack-overflow
CVE-2020-18395	Binaryen 1.38.25	wasm-as	NULL Pointer Dereference
CVE-2020-18392	Binaryen 1.38.26	wasm-opt	Heap Buffer Overflow
CVE-2019-16166	GNU cflow 1.6	cflow	Heap Buffer Overflow
CVE-2019-16165	GNU cflow 1.6	cflow	Use-after-free
CVE-2019-15140	ImageMagick 7.0.8-43	convert	Use-after-free
CVE-2019-11471	libheif v1.4.0	heif-convert	Use-after-free
CVE-2019-7704	Binaryen 1.38.22	wasm-opt	Uncontrolled-memory-allocation
CVE-2019-7703	Binaryen 1.38.22	wasm-merge	Use-after-free
CVE-2019-7702	Binaryen 1.38.22	wasm-as	NULL pointer dereference
CVE-2019-7701	Binaryen 1.38.22	wasm2js	Heap Buffer-overflow
CVE-2019-7700	Binaryen 1.38.22	wasm-merge	Heap Buffer-overflow
CVE-2019-7699	Bento4 v1.5.1-627	avcinfo	Heap Buffer-overflow
CVE-2019-7698	Bento4 v1.5.1-627	mp4dump	Uncontrolled-memory-allocation
CVE-2019-7697	Bento4 v1.5.1-627	mp42hls	Assertion failed
CVE-2019-7665	Elfutils 0.175	eu-readelf	Heap Buffer-overflow
CVE-2019-7664	Elfutils 0.175	eu-elflint	negative-size in memcpy
CVE-2019-7663	Libtiff 4.0.10	tiffcp	Invalid Address Read
CVE-2019-7662	Binaryen 1.38.22	wasm-opt	Assertion failed
CVE-2019-7154	Binaryen 1.38.22	wasm2js	Heap Buffer-overflow
CVE-2019-7153	Binaryen 1.38.22	wasm-opt	NULL pointer dereference
CVE-2019-7152	Binaryen 1.38.22	wasm-opt	Heap Buffer-overflow
CVE-2019-7151	Binaryen 1.38.22	wasm-opt	NULL pointer dereference
CVE-2019-7150	Elfutils 0.175	eu-stack	Unknown Crash
CVE-2019-7149	Elfutils 0.175	eu-nm	Heap Buffer-overflow
CVE-2019-7148	Elfutils 0.175	eu-ar	Uncontrolled-memory-allocation
CVE-2019-7147	NASM 2.14rc16	nasm	Global Buffer-overflow
CVE-2019-7146	Elfutils 0.175	eu-readelf	Heap Buffer-overflow
CVE-2019-6293	Flex 2.6.4	flex	Stack-overflow
CVE-2019-6292	Yaml-cpp v0.6.2	prase	Stack-overflow
CVE-2019-6291	NASM 2.14.03rc1	nasm	Stack-overflow
CVE-2019-6290	NASM 2.14.03rc1	nasm	Stack-overflow
CVE-2018-20712	Binutils 2.31	c++filt	Heap Buffer-overflow
CVE-2018-20657	Binutils 2.31	c++filt	Memory Leak
CVE-2018-20652	Tinyexr v0.9.5	tinyexr	Uncontrolled-memory-allocation
CVE-2018-20651	Binutils 2.31	ld	Invalid Address Read
CVE-2018-20593	Mini Xml v2.1	mxmldoc	Stack Buffer-overflow
CVE-2018-20592	Mini Xml v2.1	mxmldoc	Use-after-free
CVE-2018-20591	libming v0.4.8	swftocxx	Heap Buffer-overflow
CVE-2018-20002	Binutils 2.31	nm	Memory Leak
CVE-2018-18701	Binutils 2.31	nm	Stack-overflow
CVE-2018-18700	Binutils 2.31	nm	Stack-overflow
CVE-2018-18607	Binutils 2.31	ld	NULL Pointer Dereference
CVE-2018-18606	Binutils 2.31	ld	NULL Pointer Dereference
CVE-2018-18605	Binutils 2.31	ld	Heap Buffer-overflow
CVE-2018-18521	Elfutils 0.174	eu-ranlib	Divide-by-zero
CVE-2018-18520	Elfutils 0.174	eu-size	Invalid Address Read
CVE-2018-18484	Binutils 2.31	c++filt	Stack-overflow
CVE-2018-18483	Binutils 2.31	c++filt	Uncontrolled-memory-allocation
CVE-2018-18310	Elfutils 0.174	eu-stack	Invalid Address Read
CVE-2018-18309	Binutils 2.31	objdump	Invalid Address Read
CVE-2018-17985	Binutils 2.31	c++filt	Stack-overflow
CVE-2018-17795	LibTIFF 4.0.9	tiff2pdf	Heap Buffer-overflow
CVE-2018-17794	Binutils 2.31	c++filt	NULL Pointer Dereference
CVE-2018-16403	Elfutils 0.173	eu-readelf	Heap Buffer-overflow
CVE-2018-16402	Elfutils 0.173	eu-nm	Double Free
CVE-2018-16062	Elfutils 0.173	eu-addr2line	Heap Buffer-overflow

Open Bugs Reported (132)

Package	Program	Bug Type	Reference
CBMC-5.45.0	cbmc	soundness issues	https://github.com/diffblue/cbmc/issues/6483
Wireshark v3.6.1rc0	wireshark	Use-of-uninitialized-value	https://gitlab.com/wireshark/wireshark/-/issues/17759
lrzip v0.641	lrzip	Use-after-free*	https://github.com/ckolivas/lrzip/issues/206
Axel 2.17.10	axel	Data Race	https://github.com/axel-download-accelerator/axel/issues/354
Axel 2.17.10	axel	Memory Leak	https://github.com/axel-download-accelerator/axel/issues/353
SVF	wpa	Assertion failed’	https://github.com/SVF-tools/SVF/issues/457
Aget	aget	Heap Buffer-overflow	https://github.com/EnderUNIX/Aget/issues/4
libming	listswf	Stack-overflow	https://github.com/libming/libming/issues/181
libsixel v1.8.2	sixel2png	Heap Buffer-overflow	https://github.com/saitoha/libsixel/issues/90
tinyexr 0.9.5	tinyexr	Heap Buffer-overflow	https://github.com/syoyo/tinyexr/issues/121
mjs 1.20.1	mjs	Stack-overflow*	https://github.com/cesanta/mjs/issues/106
mjs 1.20.1	mjs	Stack-overflow*	https://github.com/cesanta/mjs/issues/110
mupdf 1.15.0-rc1	muraster	Heap Buffer-overflow	https://bugs.ghostscript.com/show_bug.cgi?id=701034
mupdf 1.15.0-rc1	muraster	Use-after-free*	https://bugs.ghostscript.com/show_bug.cgi?id=701018
imagemagick 7.0.8-43	convert	Use-after-free*	https://github.com/ImageMagick/ImageMagick/issues/1554
libheif v1.4.0	heif-convert	Use-after-free*	https://github.com/strukturag/libheif/issues/123
libosip2-5.1.0	torture_test	Heap Buffer-overflow	https://savannah.gnu.org/bugs/index.php?56071
gama 2.04	gama-g3	NULL pointer deference*	http://lists.gnu.org/archive/html/bug-gama/2019-04/msg00000.html
cflow 1.6	cflow	Use-after-free*	http://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html
cflow 1.6	cflow	Heap Buffer-overflow*	http://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00000.html
Binutils 2.32	gprof	Global Buffer-overflow	https://sourceware.org/bugzilla/show_bug.cgi?id=24402
liblouis 3.9.0	lou_checktable	Stack Buffer-overflow	https://github.com/liblouis/liblouis/issues/728
liblouis 3.9.0	lou_checktable	Global Buffer-overflow	https://github.com/liblouis/liblouis/issues/721
Bison 3.3	bison	Heap Buffer-overflow	http://lists.gnu.org/archive/html/bug-bison/2019-03/msg00007.html
Bison 3.3	yacc	NULL pointer deference	http://lists.gnu.org/archive/html/bug-bison/2019-03/msg00008.html
recutils 1.8	recfix	double free	http://lists.gnu.org/archive/html/bug-recutils/2019-03/msg00001.html
elfutils 0.176	eu-readelf	Invalid Address Read’	https://sourceware.org/bugzilla/show_bug.cgi?id=24398
boolector 3.0.0	boolector	Heap Buffer-overflow	https://github.com/Boolector/boolector/issues/42
boolector 3.0.0	boolector	Use-after-free	https://github.com/Boolector/boolector/issues/41
elfutils 0.176	eu-stack	Invalid Address Read’	https://sourceware.org/bugzilla/show_bug.cgi?id=24387
elfutils 0.176	eu-strip	Invalid Address Read’	https://sourceware.org/bugzilla/show_bug.cgi?id=24385
lrzip 0.631	lrzip	Invalid Address Read	https://github.com/ckolivas/lrzip/issues/109
zziplib 0.13.69	unzzip	Stack Buffer-overflow	https://github.com/gdraheim/zziplib/issues/70
Binutils 2.32	ld	Invalid Address Read’	https://sourceware.org/bugzilla/show_bug.cgi?id=24340
Binutils 2.32	ld	Invalid Address Read’	https://sourceware.org/bugzilla/show_bug.cgi?id=24339
Binutils 2.32	ld	Heap Buffer-overflow’	https://sourceware.org/bugzilla/show_bug.cgi?id=24338
Binutils 2.32	ld	Invalid Address Read’	https://sourceware.org/bugzilla/show_bug.cgi?id=24337
Binutils 2.32	ld	Heap Buffer-overflow’	https://sourceware.org/bugzilla/show_bug.cgi?id=24336
Binutils 2.32	ld	Heap Buffer-overflow’	https://sourceware.org/bugzilla/show_bug.cgi?id=24334
Binutils 2.32	ld	Invalid Address Read’	https://sourceware.org/bugzilla/show_bug.cgi?id=24333
Binutils 2.32	ld	Heap Buffer-overflow’	https://sourceware.org/bugzilla/show_bug.cgi?id=24332
exiv2 0.27	exiv2	Uncontrolled-memory-allocation*	https://github.com/Exiv2/exiv2/issues/742
exiv2 0.27	exiv2	Stack-overflow*	https://github.com/Exiv2/exiv2/issues/741
openh264 1.8.0	h264dec	Use After Free’	https://github.com/cisco/openh264/issues/3108
Binaryen 1.38.26	wasm-opt	Heap Buffer-overflow*	https://github.com/WebAssembly/binaryen/issues/1900
Binaryen 1.38.25	wasm-as	NULL Pointer Dereference*	https://github.com/WebAssembly/binaryen/issues/1893
Elfutils 0.175	eu-nm	Heap Buffer-overflow	https://sourceware.org/bugzilla/show_bug.cgi?id=24140
Binaryen 1.38.25	wasm2js	Assertion failed’	https://github.com/WebAssembly/binaryen/issues/1885
Elfutils 0.175	eu-readelf	Heap Buffer-overflow’	https://sourceware.org/bugzilla/show_bug.cgi?id=24116
Binaryen 1.38.22	wasm-opt	NULL Pointer Dereference*	https://github.com/WebAssembly/binaryen/issues/1881
Binaryen 1.38.22	wasm-opt	Heap Buffer-overflow*	https://github.com/WebAssembly/binaryen/issues/1880
Binaryen 1.38.22	wasm-opt	NULL Pointer Dereference*	https://github.com/WebAssembly/binaryen/issues/1879
Binaryen 1.38.22	wasm-opt	Assertion failed’	https://github.com/WebAssembly/binaryen/issues/1878
Binaryen 1.38.22	wasm2js	Assertion failed’	https://github.com/WebAssembly/binaryen/issues/1877
Binaryen 1.38.22	wasm2js	Heap Buffer-overflow*	https://github.com/WebAssembly/binaryen/issues/1876
Elfutils 0.175	eu-stack	Wild Pointer Deference*	https://sourceware.org/bugzilla/show_bug.cgi?id=24103
Elfutils 0.175	eu-nm	Heap Buffer-overflow*	https://sourceware.org/bugzilla/show_bug.cgi?id=24102
Binaryen 1.38.22	wasm-opt	Assertion failed*	https://github.com/WebAssembly/binaryen/issues/1872
Binaryen 1.38.22	wasm-as	NULL Pointer Dereference*	https://github.com/WebAssembly/binaryen/issues/1867
Binaryen 1.38.22	wasm-opt	Uncontrolled-memory-allocation*	https://github.com/WebAssembly/binaryen/issues/1866
Binaryen 1.38.22	wasm-megre	Use After Free*	https://github.com/WebAssembly/binaryen/issues/1865
Binaryen 1.38.22	wasm-megre	Heap Buffer-overflow*	https://github.com/WebAssembly/binaryen/issues/1864
Binaryen 1.38.22	wasm2js	Heap Buffer-overflow*	https://github.com/WebAssembly/binaryen/issues/1863
Elfutils 0.174	eu-readelf	Heap Buffer-overflow*	https://sourceware.org/bugzilla/show_bug.cgi?id=24089
Elfutils 0.174	eu-strip	Memory Leak’	https://sourceware.org/bugzilla/show_bug.cgi?id=24086
Elfutils 0.174	eu-ar	Uncontrolled-memory-allocation*	https://sourceware.org/bugzilla/show_bug.cgi?id=24085
Elfutils 0.174	eu-elflint	Negative-size-param*	https://sourceware.org/bugzilla/show_bug.cgi?id=24084
Elfutils 0.174	eu-readelf	Heap Buffer-overflow*	https://sourceware.org/bugzilla/show_bug.cgi?id=24081
Elfutils 0.174	eu-readelf	Heap Buffer-overflow*	https://sourceware.org/bugzilla/show_bug.cgi?id=24075
flex 2.6.4	flex	Stack-overflow*	https://github.com/westes/flex/issues/414
NASM 2.14.03rc1	nasm	Stack-overflow*	https://bugzilla.nasm.us/show_bug.cgi?id=3392549
NASM 2.14.03rc1	nasm	Stack-overflow*	https://bugzilla.nasm.us/show_bug.cgi?id=3392548
yaml-cpp 0.6.2	prase	Stack-overflow*	https://github.com/jbeder/yaml-cpp/issues/657
NASM 2.14rc16	ndisam	Stack Buffer-overflow’	https://bugzilla.nasm.us/show_bug.cgi?id=3392547
NASM 2.14rc16	ndisam	Stack Buffer-overflow’	https://bugzilla.nasm.us/show_bug.cgi?id=3392546
NASM 2.14rc16	ndisam	Stack Buffer-overflow’	https://bugzilla.nasm.us/show_bug.cgi?id=3392545
LibRaw 0.19.2	dcraw_emu	Memory leak’	https://github.com/LibRaw/LibRaw/issues/196
NASM 2.14rc16	nasm	Global Buffer-overflow*	https://bugzilla.nasm.us/show_bug.cgi?id=3392544
Bento4 v1.5.1-624	avcinfo	Heap Buffer-overflow*	https://github.com/axiomatic-systems/Bento4/issues/355
Bento4 v1.5.1-624	mp4dump	Uncontrolled-memory-allocation*	https://github.com/axiomatic-systems/Bento4/issues/354
Bento4 v1.5.1-624	mp42hls	Global Buffer-overflow’	https://github.com/axiomatic-systems/Bento4/issues/353
Bento4 v1.5.1-624	mp42hls	Invalid Address Read*	https://github.com/axiomatic-systems/Bento4/issues/352
Bento4 v1.5.1-624	mp42hls	Assertion failed*	https://github.com/axiomatic-systems/Bento4/issues/351
tinyexr v0.9.5	test_tinyexr	Uncontrolled-memory-allocation*	https://github.com/syoyo/tinyexr/issues/104
tinyexr v0.9.5	test_tinyexr	Uncontrolled-memory-allocation’	https://github.com/syoyo/tinyexr/issues/103
tinyexr v0.9.5	test_tinyexr	Heap Buffer-overflow’	https://github.com/syoyo/tinyexr/issues/102
tinyexr v0.9.5	test_tinyexr	Invalid Address Read’	https://github.com/syoyo/tinyexr/issues/101
htslib v1.9	tabix	Invalid Address Read’	https://github.com/samtools/htslib/issues/810
Binutils 2.31	c++filt	Heap Buffer-overflow*	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629
Binutils 2.31	c++filt	Heap Buffer-overflow*	https://sourceware.org/bugzilla/show_bug.cgi?id=24043
Binutils 2.31	ld	Global Buffer-overflow’	https://sourceware.org/bugzilla/show_bug.cgi?id=24042
Binutils 2.31	ld	Invalid Address Read*	https://sourceware.org/bugzilla/show_bug.cgi?id=24041
jasper v2.0.14	jasper	Assertion failed’	https://github.com/mdadams/jasper/issues/190
libming v0.4.8	swftocxx	Heap Buffer-overflow*	https://github.com/libming/libming/issues/168
Mini Xml v2.1	mxmldoc	Stack Buffer-overflow*	https://github.com/michaelrsweet/mxml/issues/237
Mini Xml v2.1	mxmldoc	Use-after-free*	https://github.com/michaelrsweet/mxml/issues/237
Binutils 2.31	ld	Memory leak’	https://sourceware.org/bugzilla/show_bug.cgi?id=24007
Binutils 2.31	c++filt	Memory leak*	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539
Binutils 2.31	c++filt	memory leak*	https://sourceware.org/bugzilla/show_bug.cgi?id=24002
Binutils 2.31	objdump	memory leak’	https://sourceware.org/bugzilla/show_bug.cgi?id=24001
Binutils 2.31	nm	memory leak*	https://sourceware.org/bugzilla/show_bug.cgi?id=23952
Binutils 2.31	nm	Stack-overflow*	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681
Binutils 2.31	nm	Stack-overflow*	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675
Binutils 2.31	ld	NULL Pointer Dereference*	https://sourceware.org/bugzilla/show_bug.cgi?id=23806
Binutils 2.31	ld	NULL Pointer Dereference*	https://sourceware.org/bugzilla/show_bug.cgi?id=23805
Binutils 2.31	ld	Heap Buffer-overflow*	https://sourceware.org/bugzilla/show_bug.cgi?id=23804
Binutils 2.31	c++filt	Stack-overflow*	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636
Binutils 2.31	c++filt	Integer overflow*	https://sourceware.org/bugzilla/show_bug.cgi?id=23767
Binutils 2.31	c++filt	Uncontrolled-memory-allocation*	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602
Binutils 2.31	ld	NULL-Pointer dereference’	https://sourceware.org/bugzilla/show_bug.cgi?id=23772
Binutils 2.31	objdump	Uncontrolled-memory-allocation’	https://sourceware.org/bugzilla/show_bug.cgi?id=23771
Binutils 2.31	c++filt	Stack-overflow*	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87333
Binutils 2.31	c++filt	Stack-overflow*	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335
Binutils 2.31	c++filt	NULL Pointer Dereference*	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350
Binutils 2.31	objdump	Invalid Address Read*	https://sourceware.org/bugzilla/show_bug.cgi?id=23770
Elfutils 0.174	eu-ranlib	Divide-by-zero*	https://sourceware.org/bugzilla/show_bug.cgi?id=23786
Elfutils 0.174	eu-size	Invalid Address Read*	https://sourceware.org/bugzilla/show_bug.cgi?id=23787
Elfutils 0.174	eu-readelf	Negative-size-param’	https://sourceware.org/bugzilla/show_bug.cgi?id=23782
Elfutils 0.174	eu-stack	Invalid Address Read*	https://sourceware.org/bugzilla/show_bug.cgi?id=23752
Elfutils 0.174	eu-stack	Invalid Address Read’	https://sourceware.org/bugzilla/show_bug.cgi?id=23753
Elfutils 0.174	eu-ar	NULL-Pointer Dereference’	https://sourceware.org/bugzilla/show_bug.cgi?id=23754
Elfutils 0.174	eu-findtextrel	Divide-by-zero’	https://sourceware.org/bugzilla/show_bug.cgi?id=23755
Elfutils 0.173	eu-addr2line	Heap Buffer-overflow*	https://sourceware.org/bugzilla/show_bug.cgi?id=23541
Elfutils 0.173	eu-nm	Double Free*	https://sourceware.org/bugzilla/show_bug.cgi?id=23528
Elfutils 0.173	eu-readelf	Heap Buffer-overflow*	https://sourceware.org/bugzilla/show_bug.cgi?id=23529
Elfutils 0.173	eu-elflint	Heap Buffer-overflow’	https://sourceware.org/bugzilla/show_bug.cgi?id=23542
LibTIFF 4.0.9	tiff2pdf	Heap Buffer-overflow*	http://bugzilla.maptools.org/show_bug.cgi?id=2816
libexe	exeinfo	Heap Buffer-overflow*	https://github.com/libyal/libexe/issues/1
ImageMagick	magick identify	Uncontrolled-memory-allocation’	https://github.com/ImageMagick/ImageMagick/issues/1350
ImageMagick	magick	Memory Leak’	https://github.com/ImageMagick/ImageMagick/issues/1403
liblnk	lnkinfo	Heap Buffer-overflow’	https://github.com/libyal/liblnk/issues/36

Cheng Wen

Curriculum Vitae

Contact Information

Education

Work experience

Research Experiment

Research Interests

Publications

2024

2022

2021

2020

2019

2018

2017

Misc

Practical Security Impact

CVE ID (73)

Open Bugs Reported (132)