Question

can someone explain the vulnerabilities and exploits in this code?

There is a class of computer system vulnerabilities and exploits based on format strings. The following exercise will have you craft an input to exploit a format string vulnerability and crash the program. The vulnerable C source code (badEcho.c) is available via the course website. Download and compile the code under Ubuntu 18.04 LTS.

14. [5/__/0] Which line of the source code (badEcho.c) contains the vulnerability?

15. [5/__/0] Enter input that causes the program to crash (Segmentation Fault). Hint: You are on the correct track if you can first get the program to output more than what was entered by the user. What input did you provide to crash the program? What sequence specifically in the input caused the program to crash?

16. [10/__/0] In your own words, describe how your input caused the program to crash. In other words, what did your input cause the program to do that resulted in the crash? Hint: Carefully review the printf(3) man page. Use complete sentences; spelling and grammar count.

17. [10/__/0] In your own words, describe how you can avoid a format string vulnerability when using printf(3). Use appropriate terminology from the Basic C Programming section of the course. Use complete sentences; spelling and grammar count.

badEcho.c (as transcribed from the image):

// Required includes
#include <stddef.h>   // Standard Definitions Library
#include <stdlib.h>   // Standard Library
#include <stdio.h>    // Standard I/O Library: printf(3), scanf(3)
#include <string.h>   // String Library: strlen(3)

// Global Constants and Variables
#define MAX_BUFFER_LEN 80

// Read in a line, echo the line
int main(int argc, char *argv[])
{
    // Declare required variables
    char buffline[MAX_BUFFER_LEN];
    int intReturnStatus = 0;

    // Perform function
    scanf("%s", buffline);
    /* scanf(3) is in the printf(3) family of library routines; scanf and printf use the
       same format specifiers. printf writes data to Standard Output, scanf reads in data
       from Standard Input. See the scanf man page for more information ( $ man 3 scanf ).
       Additionally, printf and scanf each have their own unique format specifiers. */
    buffline[MAX_BUFFER_LEN - 1] = '\0'; // Make sure the character array (string) is NULL byte terminated; the NULL byte signifies the end of the string
    printf(buffline);
    if (buffline[strlen(buffline) - 1] != '\n')
        printf("\n");

    // Return
    return intReturnStatus;
}
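For question 17, a hardened version of the echo, added here as an example and not the course's badEcho.c: the user's line is passed as an argument to a fixed "%s" format (and finally written with fputs(3), which takes no format string), and the unbounded scanf("%s") read is replaced by a length-bounded fgets(3). The function names echo_line and echo_matches are mine.

```c
#include <stdio.h>
#include <string.h>

#define MAX_BUFFER_LEN 80

/* Format one echoed line into out[outlen].
   The user's text is an ARGUMENT to the fixed format "%s%s", so any '%'
   characters it contains are copied literally instead of being interpreted
   as conversion directives. Returns the number of characters written
   (excluding the NUL) or -1 if out is too small. */
int echo_line(const char *line, char *out, size_t outlen)
{
    size_t n = strlen(line);
    /* fgets(3) keeps the trailing newline; only add one if it is missing */
    const char *tail = (n > 0 && line[n - 1] == '\n') ? "" : "\n";
    int written = snprintf(out, outlen, "%s%s", line, tail);
    if (written < 0 || (size_t)written >= outlen)
        return -1;
    return written;
}

/* Convenience check (added helper): echo line and compare with expected. */
int echo_matches(const char *line, const char *expected)
{
    char out[MAX_BUFFER_LEN + 2];
    if (echo_line(line, out, sizeof out) < 0)
        return 0;
    return strcmp(out, expected) == 0;
}

int main(void)
{
    char buffline[MAX_BUFFER_LEN];
    char out[MAX_BUFFER_LEN + 2];

    /* Bounded read: fgets(3) never writes more than sizeof buffline bytes,
       unlike scanf("%s"), and it NUL-terminates the result itself. */
    if (fgets(buffline, sizeof buffline, stdin) == NULL)
        return 1;
    if (echo_line(buffline, out, sizeof out) < 0)
        return 1;
    fputs(out, stdout);   /* fputs(3) takes no format string at all */
    return 0;
}
```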
