diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
index 11c4648f911..a2464e1a46b 100644
--- a/src/libsystemd/sd-bus/bus-message.c
+++ b/src/libsystemd/sd-bus/bus-message.c
@@ -5152,7 +5152,7 @@ int bus_message_parse_fields(sd_bus_message *m) {
 return -EBADMSG;
 
 if (*p == 0) {
- char *k;
+ _cleanup_free_ char *k = NULL;
 size_t l;
 
 /* We found the beginning of the signature
@@ -5170,6 +5170,9 @@ int bus_message_parse_fields(sd_bus_message *m) {
 if (!k)
 return -ENOMEM;
 
+ if (!signature_is_valid(k, true))
+ return -EBADMSG;
+
 free_and_replace(m->root_container.signature, k);
 break;
 }
diff --git a/test/fuzz/fuzz-bus-message/oss-fuzz-14016 b/test/fuzz/fuzz-bus-message/oss-fuzz-14016
new file mode 100644
index 00000000000..c82d1ba4adf
Binary files /dev/null and b/test/fuzz/fuzz-bus-message/oss-fuzz-14016 differ
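Review bot: The new `signature_is_valid(k, true)` check in the second hunk has no comment saying why it is there, although it appears to be the point where a signature parsed out of the message is first trusted. I would add `/* The signature is taken from the message itself, so refuse anything malformed before it becomes the root container signature. */` above the `if`. The early `return -EBADMSG` is only leak-free because of the `_cleanup_free_ char *k = NULL;` change in the first hunk, so the two changes must stay together. The second argument `true` looks like it permits dict entries at the top level of the signature; if a root signature should accept them only as array elements, confirm that `true` is intended. The body of bus_message_parse_fields starts and ends outside both hunks.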