01 Summary
A format string vulnerability occurs when user-supplied input is passed directly as a format string to functions like printf(), sprintf(), or similar formatting routines. An attacker can craft malicious input containing format specifiers (like %x or %n) to read from or write to arbitrary memory locations, potentially exposing sensitive data or executing code.