Format string vulnerabilities stem from the use of unchecked user input as the format string parameter of C functions that perform formatting, such as printf(). A successful exploit can lead to a crash of the program or to arbitrary code execution.
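The pattern described above, as an added example that is not part of the original text: the vulnerable form passes the caller's message directly as the format parameter, the hardened form pins the format string to a literal, and a small checker flags untrusted strings that carry format directives before they reach logging code. The function names and the sample input are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable form: the caller-supplied message *is* the format string,
 * so any "%" directives inside it are interpreted by the printf family. */
int log_message_unsafe(char *out, size_t outlen, const char *msg) {
    return snprintf(out, outlen, msg);   /* format string is attacker-controlled */
}

/* Hardened form: the format string is a compile-time literal and the
 * message is passed as a "%s" argument, so "%" inside msg is printed literally. */
int log_message_safe(char *out, size_t outlen, const char *msg) {
    return snprintf(out, outlen, "%s", msg);
}

/* Defensive check for untrusted strings that must never reach a format
 * parameter: counts '%' characters that are not the literal "%%" escape. */
int count_format_directives(const char *s) {
    int n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%') continue;
        if (s[i + 1] == '%') { i++; continue; }  /* "%%" is a literal percent sign */
        n++;
    }
    return n;
}

int main(void) {
    char buf[128];
    /* Constructed sample input (hypothetical): a message containing a directive. */
    const char *input = "100%x done";
    log_message_safe(buf, sizeof buf, input);
    printf("safe output: %s\n", buf);                                   /* 100%x done */
    printf("directives found in input: %d\n", count_format_directives(input)); /* 1 */
    return 0;
}
```

Compiling with -Wformat-security warns on the unsafe function, which is the kind of signal a build pipeline should promote to an error.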