Format strings in functions like "printf" specify how an arbitrary number of parameters of varied data types are rendered into a string.
printf("The desired number is %d", 2014);
format string = "The desired number is %d"
Format string vulnerabilities can be used to view process memory, dump the stack, and read from or write to arbitrary memory addresses.
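
The difference between untrusted text used as the format string and untrusted text passed as an argument, as an added example in C that is not from the original page. The names count_directives and render_safe and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count conversion directives in s. "%%" is a literal percent sign and is
 * not counted; a lone trailing '%' is counted because it is malformed. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Vulnerable pattern, shown only as a comment:
 *     snprintf(out, len, user);
 * Here the caller-supplied text is the format string, so any directives in
 * it are interpreted against arguments that were never passed.
 *
 * Hardened pattern: the format string is a constant and the untrusted text
 * is only ever an argument to "%s", so it is copied byte for byte. */
int render_safe(char *out, size_t len, const char *user)
{
    return snprintf(out, len, "%s", user);
}

int main(void)
{
    const char *user = "%x.%x.%n";   /* constructed sample input */
    char buf[64];

    render_safe(buf, sizeof buf, user);
    printf("directives in input: %d\n", count_directives(user));
    printf("rendered literally:  %s\n", buf);
    return 0;
}
```

Compiling with the GCC or Clang option -Wformat-security flags calls where the format argument is not a string literal and no arguments follow it.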