diff --git a/src/_webp.c b/src/_webp.c
index d065e329c6b..4f627a90b24 100644
--- a/src/_webp.c
+++ b/src/_webp.c
@@ -52,11 +52,19 @@ HandleMuxError(WebPMuxError err, char *chunk) {
 // Create the error message
 if (chunk == NULL) {
- message_len =
- sprintf(message, "could not assemble chunks: %s", kErrorMessages[-err]);
+ message_len = snprintf(
+ message,
+ sizeof(message),
+ "could not assemble chunks: %s",
+ kErrorMessages[-err]
+ );
 } else {
- message_len = sprintf(
- message, "could not set %.4s chunk: %s", chunk, kErrorMessages[-err]
+ message_len = snprintf(
+ message,
+ sizeof(message),
+ "could not set %.4s chunk: %s",
+ chunk,
+ kErrorMessages[-err]
 );
 }
 if (message_len < 0) {
@@ -649,8 +657,9 @@ WebPEncode_wrapper(PyObject *self, PyObject *args) {
 int error_code = (&pic)->error_code;
 char message[50] = "";
 if (error_code == VP8_ENC_ERROR_BAD_DIMENSION) {
- sprintf(
+ snprintf(
 message,
+ sizeof(message),
 ": Image size exceeds WebP limit of %d pixels",
 WEBP_MAX_DIMENSION
 );
@@ -743,8 +752,9 @@ const char *
 WebPDecoderVersion_str(void) {
 static char version[20];
 int version_number = WebPGetDecoderVersion();
- sprintf(
+ snprintf(
 version,
+ sizeof(version),
 "%d.%d.%d",
 version_number >> 16,
 (version_number >> 8) % 0x100,
diff --git a/src/libImaging/JpegEncode.c b/src/libImaging/JpegEncode.c
index 098e431fca0..d61094ad7b2 100644
--- a/src/libImaging/JpegEncode.c
+++ b/src/libImaging/JpegEncode.c
@@ -402,7 +402,9 @@ ImagingJpegEncode(Imaging im, ImagingCodecState state, UINT8 *buf, int bytes) {
 const char *
 ImagingJpegVersion(void) {
 static char version[20];
- sprintf(version, "%d.%d", JPEG_LIB_VERSION / 10, JPEG_LIB_VERSION % 10);
+ snprintf(
+ version, sizeof(version), "%d.%d", JPEG_LIB_VERSION / 10, JPEG_LIB_VERSION % 10
+ );
 return version;
 }
diff --git a/src/libImaging/QuantPngQuant.c b/src/libImaging/QuantPngQuant.c
index a2258c3a289..9fd2d8e5101 100644
--- a/src/libImaging/QuantPngQuant.c
+++ b/src/libImaging/QuantPngQuant.c
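Review bot: In HandleMuxError the only check on the result is still `if (message_len < 0)`, which does not cover the case the new call makes possible: snprintf returns the length the complete message would have had, so a truncated message yields a value at or above `sizeof(message)` and passes the check. Consider `if (message_len < 0 || (size_t)message_len >= sizeof(message)) {` so truncation takes the same failure path, or a comment stating that a shortened message is acceptable here. The declaration of `message` and the code that consumes it lie outside the hunk, so any later use of `message_len` could not be checked.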
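Review bot: `char message[50]` in WebPEncode_wrapper is sized by hand against the format literal, and the snprintf return value is discarded, so if the wording or the width of WEBP_MAX_DIMENSION ever grows the suffix is cut short without any signal. A comment on the declaration such as `// sized for ": Image size exceeds WebP limit of %d pixels" plus the terminator` would record the constraint next to the number. The rest of the function, including where `message` is used, is outside the hunk.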
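Review bot: WebPDecoderVersion_str returns a pointer to `static char version[20]` that is rewritten on every call, and nothing at the function documents that contract; the same pattern appears in ImagingJpegVersion (JpegEncode.c) and ImagingImageQuantVersion (QuantPngQuant.c). A short comment above each, for example `/* Returns a pointer to a static buffer that is overwritten on each call; the caller must not free it. */`, would make the ownership explicit. The 20-byte bound is now enforced by `sizeof(version)`, but the return value is ignored in all three, so a version string that did not fit would be truncated silently. The WebP function's snprintf call ends outside the hunk.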
@@ -126,7 +126,14 @@ const char *
 ImagingImageQuantVersion(void) {
 static char version[20];
 int number = liq_version();
- sprintf(version, "%d.%d.%d", number / 10000, (number / 100) % 100, number % 100);
+ snprintf(
+ version,
+ sizeof(version),
+ "%d.%d.%d",
+ number / 10000,
+ (number / 100) % 100,
+ number % 100
+ );
 return version;
 }