diff --git a/src/escape_chars.c b/src/escape_chars.c
index a310e58..f71b50f 100644
--- a/src/escape_chars.c
+++ b/src/escape_chars.c
@@ -87,7 +87,7 @@ SEXP C_escape_chars_one(SEXP x) {
       default:
         //control characters need explicit \u00xx escaping
         if (*cur >= 0x00 && *cur <= 0x1f){
-          sprintf(outcur, "\\u%04x", *cur);
+          snprintf(outcur, 7, "\\u%04x", *cur);
           outcur += 5; //extra length
           break;
         }
diff --git a/src/modp_numtoa.c b/src/modp_numtoa.c
index 5ade112..318a9a4 100644
--- a/src/modp_numtoa.c
+++ b/src/modp_numtoa.c
@@ -161,7 +161,7 @@ size_t modp_dtoa(double value, char* str, int prec)
 	   which can be 100s of characters overflowing your buffers == bad
 	   */
 	if (value > thres_max) {
-		sprintf(str, "%e", neg ? -value : value);
+		snprintf(str, 13, "%e", neg ? -value : value);
 		return strlen(str);
 	}