It's super easy to convert a DJVU file to PDF though. There's an increase in filesize but it's not the end of the world.
And since you're creating the PDF yourself seems like you can trust it? Since nothing malicious could survive the DJVU to PDF conversion since it's just "dumb" bitmap-based.
If your DjVu file contains an exploit for your DjVu decoder, even if you run it in a bombproof container, it could still conceivably inject malicious code into the resulting PDF file. That sounds far-fetched because the exploit payload would need to recognize that a PDF conversion was going on and respond by generating the PDF, but I remember when people thought exploiting buffer overflows was implausible, and this is not the same level of rocket science.
And since you're creating the PDF yourself seems like you can trust it? Since nothing malicious could survive the DJVU to PDF conversion since it's just "dumb" bitmap-based.