Security: Infinite loop when decoding a crafted gif

[whatevicanhaz]

Prerequisites

• I have written a descriptive issue title
• I have verified that I am running the latest version of ImageSharp
• I have verified if the problem exist in both DEBUG and RELEASE mode
• I have searched open and closed issues to ensure it has not already been reported

ImageSharp version

3.1.10

Other ImageSharp packages and versions

N/A

Environment (Operating system, version and so on)

Arch linux

.NET Framework version

9.0.105

Description

Running

using SixLabors.ImageSharp;
using SixLabors.ImageSharp.Formats;

Console.WriteLine("Hello, World!");

await Task.WhenAll(Enumerable.Range(0, 10).Select(_ => SaveLoadImage()));

return;

static Task SaveLoadImage()
{
    var defaultDecoderOptions = new DecoderOptions() { SkipMetadata = true };
    
    return Task.Run(() =>
    {
        using var ms = new MemoryStream(File.ReadAllBytes("3.gif"));
        // var imageInfo = Image.Identify(ms);
        var imageInfo = Image.Identify(defaultDecoderOptions, ms);
        Console.WriteLine("We never reach this code");
    });
}

With the image attached here will result in an infinite loop.

Steps to Reproduce

• Create a project from the code in the description
• Download and run said code against the attached "3.gif" file

Images

[whatevicanhaz]

Thanks for fixing it so quickly!
May I kindly request an advisory for this?

[JimBobSquarePants]

Yes, we’ll be publishing one before we release the code to NuGet