The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service via a crafted djvu file.