Format string vulnerability via LOCALEDIR environment variable.
vulners.com/securityvulns/securityvulns:doc:23318