Fix scanf() format vulnerabilities