Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function.