+diff -urN libmp3splt-0.9.0.orig/src/oformat_parser.c libmp3splt-0.9.0/src/oformat_parser.c
+--- libmp3splt-0.9.0.orig/src/oformat_parser.c 2014-03-22 23:25:22.076480090 +0100
++++ libmp3splt-0.9.0/src/oformat_parser.c 2014-03-22 23:30:02.099814984 +0100
+@@ -533,7 +533,7 @@
+ int max_number_of_digits = splt_u_get_requested_num_of_digits(state,
+ state->oformat.format[i], &requested_num_of_digits, SPLT_FALSE);
+
+- snprintf(temp + offset, temp_len, format);
++ snprintf(temp + offset, temp_len, "%s", format);
+
+ fm_length = strlen(temp) + 1 + max_number_of_digits;
+ if ((fm = malloc(fm_length * sizeof(char))) == NULL)
+@@ -563,7 +563,7 @@
+ //
+ if (artist_or_performer != NULL)
+ {
+- snprintf(temp+2,temp_len, state->oformat.format[i]+2);
++ snprintf(temp+2,temp_len, "%s", state->oformat.format[i]+2);
+
+ int artist_length = 0;
+ artist_length = strlen(artist_or_performer);
+@@ -571,7 +571,7 @@
+ }
+ else
+ {
+- snprintf(temp,temp_len, state->oformat.format[i]+2);
++ snprintf(temp,temp_len, "%s", state->oformat.format[i]+2);
+ fm_length = strlen(temp) + 1;
+ }
+
+@@ -591,7 +591,7 @@
+ }
+ else
+ {
+- snprintf(fm, fm_length, temp);
++ snprintf(fm, fm_length, "%s", temp);
+ }
+
+ break;
+@@ -608,7 +608,7 @@
+ //
+ if (artist != NULL)
+ {
+- snprintf(temp+2,temp_len, state->oformat.format[i]+2);
++ snprintf(temp+2,temp_len, "%s", state->oformat.format[i]+2);
+
+ int artist_length = 0;
+ artist_length = strlen(artist);
+@@ -616,7 +616,7 @@
+ }
+ else
+ {
+- snprintf(temp,temp_len, state->oformat.format[i]+2);
++ snprintf(temp,temp_len, "%s", state->oformat.format[i]+2);
+ fm_length = strlen(temp) + 1;
+ }
+
+@@ -636,7 +636,7 @@
+ }
+ else
+ {
+- snprintf(fm, fm_length, temp);
++ snprintf(fm, fm_length, "%s", temp);
+ }
+ break;
+ case 'b':
+@@ -654,13 +654,13 @@
+ {
+ int album_length = 0;
+ album_length = strlen(album);
+- snprintf(temp+2, temp_len, state->oformat.format[i]+2);
++ snprintf(temp+2, temp_len, "%s", state->oformat.format[i]+2);
+
+ fm_length = strlen(temp) + album_length + 1;
+ }
+ else
+ {
+- snprintf(temp,temp_len, state->oformat.format[i]+2);
++ snprintf(temp,temp_len, "%s", state->oformat.format[i]+2);
+ fm_length = strlen(temp) + 1;
+ }
+
+@@ -698,13 +698,13 @@
+ {
+ int genre_length = 0;
+ genre_length = strlen(genre);
+- snprintf(temp+2, temp_len, state->oformat.format[i]+2);
++ snprintf(temp+2, temp_len, "%s", state->oformat.format[i]+2);
+
+ fm_length = strlen(temp) + genre_length + 1;
+ }
+ else
+ {
+- snprintf(temp,temp_len, state->oformat.format[i]+2);
++ snprintf(temp,temp_len, "%s", state->oformat.format[i]+2);
+ fm_length = strlen(temp) + 1;
+ }
+
+@@ -742,13 +742,13 @@
+ {
+ int title_length = 0;
+ title_length = strlen(title);
+- snprintf(temp+2, temp_len, state->oformat.format[i]+2);
++ snprintf(temp+2, temp_len, "%s", state->oformat.format[i]+2);
+
+ fm_length = strlen(temp) + title_length + 1;
+ }
+ else
+ {
+- snprintf(temp,temp_len, state->oformat.format[i]+2);
++ snprintf(temp,temp_len, "%s", state->oformat.format[i]+2);
+ fm_length = strlen(temp) + 1;
+ }
+
+@@ -768,7 +768,7 @@
+ }
+ else
+ {
+- snprintf(fm, fm_length, temp);
++ snprintf(fm, fm_length, "%s", temp);
+ }
+ break;
+ case 'p':
+@@ -786,13 +786,13 @@
+ {
+ int performer_length = 0;
+ performer_length = strlen(performer);
+- snprintf(temp+2, temp_len, state->oformat.format[i]+2);
++ snprintf(temp+2, temp_len, "%s", state->oformat.format[i]+2);
+
+ fm_length = strlen(temp) + performer_length + 1;
+ }
+ else
+ {
+- snprintf(temp,temp_len, state->oformat.format[i]+2);
++ snprintf(temp,temp_len, "%s", state->oformat.format[i]+2);
+ fm_length = strlen(temp) + 1;
+ }
+
+@@ -811,7 +811,7 @@
+ }
+ else
+ {
+- snprintf(fm, fm_length, temp);
++ snprintf(fm, fm_length, "%s", temp);
+ }
+ break;
+ case 'l':
+@@ -861,7 +861,7 @@
+ const char *format =
+ splt_u_get_format_ptr(state->oformat.format[i], temp, NULL);
+
+- snprintf(temp + 4, temp_len, format + 2);
++ snprintf(temp + 4, temp_len, "%s", format + 2);
+ fm_length = strlen(temp) + 1 + max_num_of_digits;
+ }
+ else
+@@ -902,7 +902,7 @@
+ original_filename = strdup(splt_su_get_fname_without_path(splt_t_get_filename_to_split(state)));
+ if (original_filename)
+ {
+- snprintf(temp+2,temp_len, state->oformat.format[i]+2);
++ snprintf(temp+2,temp_len, "%s", state->oformat.format[i]+2);
+
+ splt_su_cut_extension(original_filename);
+