...
Argument List Caveats
C99 functions that themselves take accept the variadic primitive va_list as an argument pose an additional threat when dealing with variadic functionsrisk. Calls to vfprintf(), vfscanf(), vprintf(), vscanf(), vsnprintf(), vsprintf(), and vsscanf() use the va_arg() macro, invalidating the parameterized va_list. ThusConsequently, this once a va_list must not is passed as an argument to any of these functions, it cannot be used again except for in a call to the va_end() macro once any of those functions are used.
Risk Assessment
Incorrectly using a variadic function can result in abnormal program termination or unintended information disclosure.
...