dbus is vulnerable to denial of service. When the system has multiple usernames sharing the same UID and the policy rules references these usernames, D-Bus does not properly free some memory in a heap for shared UIDs, allowing an attacker to cause an application crash.