Security Vulnerability - Action Required: Divide By Zero vulnerability may in your project

[Crispy-fried-chicken]

Hi, we have detected that your project may be vulnerable to Out-of-bounds Write in the function of Fraction::Fraction in the file of ext/libheif/libheif/box.cc . It shares similarities to a recent CVE disclosure CVE-2023-29659 in the libheif.

The source vulnerability information is as follows:

Vulnerability Detail: CVE Identifier: CVE-2023-29659 Description: A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-29659 Patch: https://github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991

Would you help to check if this bug is true? If it's true, I'd like to open a PR for that if necessary. Thank you for your effort and patience!