
Never call a formatted I/O function with a format string containing a tainted value. An attacker who can fully or partially control the contents of a format string can crash a vulnerable process, view the contents of the stack, view memory content, or write to an arbitrary memory location. Consequently, the attacker can execute arbitrary code with the permissions of the vulnerable process [Seacord 2013]. Formatted output functions are particularly dangerous because many programmers are unaware of their capabilities (for example, they can write an integer value to a specified address using the %n conversion specifier). An attacker who can control the value of a format string can also cause it to violate FIO47-C. Use valid format strings.
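As an added illustration (not code from the CERT rule page itself), the following C example shows the defensive side of the point above: a small check that detects whether a tainted string contains a conversion specification, and a formatting wrapper that uses a constant format string so the tainted data is treated purely as an argument. The input string and the function names `contains_conversion_spec` and `safe_format` are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of tainted input: it carries a conversion specification
 * that would be interpreted if the string were ever used as a format. */
static const char TAINTED_INPUT[] = "user entered %n here";

/* Returns 1 if s contains a '%' that a formatted I/O function would treat as
 * the start of a conversion specification, 0 otherwise. "%%" is a literal
 * percent sign and is skipped. Useful as an audit/detection check before
 * data reaches a logging or printing routine. */
int contains_conversion_spec(const char *s)
{
    for (const char *p = s; *p != '\0'; p++) {
        if (*p == '%') {
            if (p[1] == '%') {      /* "%%" is an escaped percent */
                p++;
                continue;
            }
            return 1;
        }
    }
    return 0;
}

/* Compliant pattern: the format string is a constant literal and the tainted
 * value is passed as an argument, so any '%' in it is copied verbatim rather
 * than interpreted. Returns the number of characters that would have been
 * written (snprintf semantics). */
int safe_format(char *dst, size_t dst_size, const char *tainted)
{
    return snprintf(dst, dst_size, "%s", tainted);
}

int main(void)
{
    char buf[64];

    if (contains_conversion_spec(TAINTED_INPUT))
        puts("input contains a conversion specification; never use it as a format");

    /* The "%n" survives as literal text instead of being acted upon. */
    safe_format(buf, sizeof buf, TAINTED_INPUT);
    puts(buf);
    return 0;
}
```

The check is a defensive aid (for logging, validation, or static review), not a substitute for the rule: even input with no `%` at all should still be passed as an argument, never as the format string.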

Noncompliant Code Example

...