Previous rPGP versions could be caused to crash with a "stack overflow" when parsing messages that contain deeply nested message layers, such as messages with many signatures.

rPGP 0.19.0 resolves this issue with a more robust message handling implementation (via https://github.com/rpgp/rpgp/pull/625).

An attacker could cause applications to crash in rPGP's message parsing subsystem, when applications attempt to ingest messages.

Discovered internally during rPGP development, using a fuzz test suite previously contributed by Christian Reitter.