diff --git a/Parser/string_parser.c b/Parser/string_parser.c
index b164dfbc81a933..198a1cd471e5f0 100644
--- a/Parser/string_parser.c
+++ b/Parser/string_parser.c
@@ -182,7 +182,7 @@ decode_unicode_with_escapes(Parser *parser, const char *s, size_t len, Token *t)
 w_len = PyUnicode_GET_LENGTH(w);
 for (i = 0; i < w_len; i++) {
 Py_UCS4 chr = PyUnicode_READ(kind, data, i);
- sprintf(p, "\\U%08x", chr);
+ snprintf(p, 11, "\\U%08x", chr);
 p += 10;
 }
 /* Should be impossible to overflow */
diff --git a/Programs/_freeze_module.c b/Programs/_freeze_module.c
index 27a60171f3eca8..54cd12e8083f45 100644
--- a/Programs/_freeze_module.c
+++ b/Programs/_freeze_module.c
@@ -126,7 +126,7 @@ compile_and_marshal(const char *name, const char *text)
 if (filename == NULL) {
 return PyErr_NoMemory();
 }
- sprintf(filename, "", name);
+ snprintf(filename, strlen(name) + 10, "", name);
 PyObject *code = Py_CompileStringExFlags(text, filename,
 Py_file_input, NULL, 0);
 free(filename);
@@ -153,7 +153,7 @@ get_varname(const char *name, const char *prefix)
 if (varname == NULL) {
 return NULL;
 }
- (void)strcpy(varname, prefix);
+ memcpy(varname, prefix, n);
 for (size_t i = 0; name[i] != '\0'; i++) {
 if (name[i] == '.') {
 varname[n++] = '_';
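Review bot: The bound `11` passed to `snprintf` inside the loop is the fixed width of one escape plus its NUL, not the space left in the destination, so the call is no better bounded against the real buffer than the `sprintf` it replaces. `%08x` on a `Py_UCS4` always produces eight hex digits, so ten characters are written either way. Safety still rests on how the buffer was allocated and on whatever follows the "Should be impossible to overflow" comment, both outside this hunk. If a real bound is wanted, pass the remaining capacity instead, e.g. `snprintf(p, (size_t)(end - p), "\\U%08x", chr);`, where `end` is a placeholder for the end of the allocation, which is not visible here. Otherwise add `/* "\\UXXXXXXXX" is 10 chars + NUL; 11 is not the remaining buffer size */` so the constants are not read as a bounds check.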
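Review bot: The size argument `strlen(name) + 10` on the new `snprintf` line restates by hand whatever expression sized the allocation of `filename`, which happens above this hunk. The two can drift apart, and the bound would then stop describing the buffer. Compute the length once and use it for both, e.g. `size_t filename_size = strlen(name) + 10;` then `snprintf(filename, filename_size, ...)`. Also check the return value against `filename_size`, so that a truncated name is not passed silently to `Py_CompileStringExFlags`. The format string appears as `""` on this page, so the `+ 10` cannot be checked against the literal here.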
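Review bot: `memcpy(varname, prefix, n)` copies the prefix without its terminating NUL, unlike the `strcpy` it replaces, so `varname` stays unterminated until something after the loop writes the terminator. That is only correct if `n` equals `strlen(prefix)` and the allocation covers `n` plus the length of `name` plus one. Both the definition of `n` and the end of `get_varname` are outside this hunk. A comment on the new line would make the dependency explicit: `/* prefix copied without NUL; terminator must be written after the loop */`. Confirm that the final write exists on every path, including an empty `name`.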