A format string vulnerability in the grant helper, in PolicyKit 0.7 and earlier, allows attackers to cause a denial of service and possibly execute arbitrary code via format strings in a password. The updated package has been patched to correct this issue.