Writing Secure Code

Do use fixed format strings, or format strings from a trusted source.

Do check and limit locale requests to valid values.

Do not pass user input directly as the format string to formatting functions.

Consider using higher-level languages that tend to be less vulnerable to this issue.