Index: djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44EncodeCodec.cpp
+++ djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
@@ -1424,7 +1424,12 @@ IWBitmap::Encode::init(const GBitmap &bm
   int h = bm.rows();
   int g = bm.get_grays()-1;
   signed char *buffer;
-  GPBuffer<signed char> gbuffer(buffer,w*h);
+  size_t sz = w * h;
+  if (sz == 0 || g <= 0) // w or h is zero or g is not positive
+    G_THROW("IWBitmap: zero size image (corrupted file?)");
+  if (sz / (size_t)w != (size_t)h) // multiplication overflow
+    G_THROW("IWBitmap: image size exceeds maximum (corrupted file?)");
+  GPBuffer<signed char> gbuffer(buffer,sz);
   // Prepare gray level conversion table
   signed char  bconv[256];
   for (i=0; i<256; i++)