In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
This issue is duplicate of CVE-2017-10684.
*** This bug has been marked as a duplicate of bug 1473302 ***
Red Hat considers this issue as a duplicate of CVE-2017-10684.