Never call a formatted I/O function with a format string that contains user input. This is primarily a problem with output functions.

If the user can control a format string, they can write to arbitrary memory locations. The most common form of this error is in output operations. The rarely used and often forgotten %n format specification causes the number of characters written so far to be stored through the corresponding pointer argument, which is taken from the stack.
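The pattern described above, as an added example that is not part of the original page: the non-compliant call passes user text as the format string, the compliant call keeps the format string constant and passes the user text as data. The `format_user_line`, `escape_percent` and `has_conversion_spec` helpers are assumptions introduced here for illustration (the escape helper is only for legacy APIs that insist on a format string; the constant-format form is the real fix). The sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Non-compliant (the pattern the text warns about): user-supplied text is
 * passed as the format string, so every conversion specifier it contains,
 * including %n, is interpreted by printf. Kept only for contrast; GCC and
 * Clang already flag this call under -Wformat-security, which is why the
 * warning must be silenced here for the file to build with -Werror. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
void show_noncompliant(const char *user) {
    printf(user);
}
#pragma GCC diagnostic pop

/* Compliant: the format string is a literal; user text is an ordinary
 * argument and is never parsed for conversion specifiers. */
void show_compliant(const char *user) {
    printf("%s", user);
}

/* Same rule applied to buffer formatting (hypothetical helper). Returns the
 * number of characters that would have been written (snprintf semantics) so
 * the caller can detect truncation. 'user' is data only, never a format. */
int format_user_line(char *dst, size_t dst_len, const char *user) {
    return snprintf(dst, dst_len, "user: %s", user);
}

/* Defensive helper (hypothetical, not from the page): escape '%' as "%%" so
 * the result can be handed to a legacy API that insists on a format string.
 * Returns 0 on success, -1 if 'dst' cannot hold the result plus NUL. */
int escape_percent(char *dst, size_t dst_len, const char *src) {
    size_t j = 0;
    if (dst_len == 0) return -1;
    for (size_t i = 0; src[i] != '\0'; i++) {
        size_t need = (src[i] == '%') ? 2 : 1;
        if (j + need >= dst_len) return -1;   /* leave room for the NUL */
        if (src[i] == '%') dst[j++] = '%';
        dst[j++] = src[i];
    }
    dst[j] = '\0';
    return 0;
}

/* Detection check (hypothetical): returns 1 if 's' contains a conversion
 * specifier printf would act on (a '%' not immediately followed by '%'),
 * else 0. Useful for logging or rejecting untrusted input, not a substitute
 * for the constant-format rule above. */
int has_conversion_spec(const char *s) {
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] == '%') {
            if (s[i + 1] == '%') { i++; continue; }
            return 1;
        }
    }
    return 0;
}

int main(void) {
    const char *user = "%n%n%n";   /* constructed sample input */
    char line[64];
    show_compliant(user);          /* prints the six characters literally */
    putchar('\n');
    format_user_line(line, sizeof line, user);
    printf("%s\n", line);          /* prints "user: %n%n%n" */
    printf("conversion spec present: %d\n", has_conversion_spec(user));
    return 0;
}
```

With the compliant form the `%n%n%n` input is printed as plain text; only the non-compliant form would interpret it.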

Non-compliant C