...
Note that the calls to fprintf() and printf() are C standard functions [ISO/IEC 9899:2011] and not managed string functions.
...
String-handling functions defined in the C standard, section 7.24 [ISO/IEC 9899:2011], and elsewhere are susceptible to common programming errors that can lead to serious, exploitable vulnerabilities. Managed strings, when used properly, can eliminate many of these errors, particularly in new development.
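As an added illustration of the errors that paragraph refers to (this is example code written for this page, not code from the CERT guideline or its managed string library, whose API is not shown here), the block below contrasts the classic strncpy() pitfall, a destination left without a null terminator when the source does not fit, with a bounded copy that fails closed. The helper names bounded_strcpy, bounded_copy_status, bounded_copy_len and strncpy_left_unterminated are hypothetical, and the 16-byte buffer size is a constructed test value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy that never leaves dst unterminated.
 * Returns 0 on success, -1 if src (plus its terminator) does not fit in
 * dst_size bytes; on failure dst is set to the empty string so that a caller
 * that ignores the return value still holds a valid C string. */
int bounded_strcpy(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || dst_size == 0 || src == NULL) {
        return -1;
    }
    size_t len = strlen(src);
    if (len >= dst_size) {
        dst[0] = '\0';          /* fail closed instead of truncating silently */
        return -1;
    }
    memcpy(dst, src, len + 1);  /* len + 1 copies the terminator as well */
    return 0;
}

/* Demonstrates the strncpy() pitfall: with a 16-byte destination (constructed
 * size for this example) pre-filled with 'X', strncpy() writes at most dst_size
 * bytes and adds no terminator when src is at least dst_size long.
 * Returns true if no '\0' is present in the first dst_size bytes. */
bool strncpy_left_unterminated(const char *src, size_t dst_size) {
    char dst[16];
    if (dst_size > sizeof dst) {
        dst_size = sizeof dst;
    }
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, dst_size);
    return memchr(dst, '\0', dst_size) == NULL;
}

/* Demo helper: status code bounded_strcpy() returns for src into a
 * destination limited to dst_size bytes (capped at the 16-byte buffer). */
int bounded_copy_status(const char *src, size_t dst_size) {
    char dst[16];
    if (dst_size > sizeof dst) {
        dst_size = sizeof dst;
    }
    return bounded_strcpy(dst, dst_size, src);
}

/* Demo helper: length of the string left in dst after bounded_strcpy().
 * Safe to call strlen() because bounded_strcpy() always terminates dst. */
size_t bounded_copy_len(const char *src, size_t dst_size) {
    char dst[16];
    if (dst_size > sizeof dst) {
        dst_size = sizeof dst;
    }
    (void)bounded_strcpy(dst, dst_size, src);
    return strlen(dst);
}

int main(void) {
    const char *short_src = "abc";                /* constructed sample input */
    const char *long_src = "0123456789ABCDEF";    /* constructed sample input */

    printf("strncpy unterminated (short src, 8-byte dst): %s\n",
           strncpy_left_unterminated(short_src, 8) ? "yes" : "no");
    printf("strncpy unterminated (long src, 8-byte dst): %s\n",
           strncpy_left_unterminated(long_src, 8) ? "yes" : "no");
    printf("bounded_strcpy status (short src): %d, len %zu\n",
           bounded_copy_status(short_src, 8), bounded_copy_len(short_src, 8));
    printf("bounded_strcpy status (long src): %d, len %zu\n",
           bounded_copy_status(long_src, 8), bounded_copy_len(long_src, 8));
    return 0;
}
```

The point of the contrast is the failure mode: strncpy() reports nothing when the source is too long and leaves a buffer that a later strlen() or printf("%s") will read past, whereas the bounded version makes the caller decide what to do with a source that does not fit and guarantees the destination is always a valid string.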
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
ISO/IEC 9899:2011 Section 7.24, "String handling <string.h>"
...