All versions of GnuPG prior to 1.4.2.2 fail to detect injection of unsigned data. Verification of a non-detached signature may report success, yet the data extracted from the message may have extra data, not covered by the signature, prepended or appended to it. An attacker can therefore take any signed message and inject arbitrary extra data.
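A defensive pre-check for non-detached signed messages, added here as an example (it is not code from the advisory or from GnuPG): it walks the top-level OpenPGP packets and accepts only the RFC 4880 signed-message layout, with exactly one literal data packet inside a signature bracket. It assumes binary (dearmored) input and that injected data appears as packets outside that layout; compressed-data packets (tag 8) are rejected rather than unwrapped, and the function names and sample packets are constructed for illustration.

```python
SIG, ONEPASS, LITERAL = 2, 4, 11            # RFC 4880 packet tags

def packet_tags(buf):
    """Return the tag of each top-level packet in a binary OpenPGP stream."""
    tags, i = [], 0
    while i < len(buf):
        hdr = buf[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("bad packet header")
        if hdr & 0x40:                      # new-format header
            tag, partial = hdr & 0x3F, True
            while partial:                  # follow partial-length chunks
                o = buf[i]; i += 1
                partial = 224 <= o < 255
                if o == 255:
                    n = int.from_bytes(buf[i:i + 4], "big"); i += 4
                elif 192 <= o < 224:
                    n = ((o - 192) << 8) + buf[i] + 192; i += 1
                else:
                    n = 1 << (o & 0x1F) if partial else o
                i += n
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            width = 0 if ltype == 3 else 1 << ltype   # type 3: runs to end of input
            n = int.from_bytes(buf[i:i + width], "big") if width else len(buf) - i
            i += width + n
        if i > len(buf):
            raise ValueError("truncated packet")
        tags.append(tag)
    return tags

def signed_layout_ok(buf):
    """True only if exactly one literal packet sits inside a signature bracket."""
    try:
        seq = packet_tags(buf)
    except (ValueError, IndexError):
        return False
    if seq.count(LITERAL) != 1:             # extra, missing or compressed (tag 8) data
        return False
    k = seq.index(LITERAL)
    head, tail = seq[:k], seq[k + 1:]
    one_pass = set(head) == {ONEPASS} and tail == [SIG] * len(head)
    old_style = set(head) == {SIG} and not tail
    return one_pass or old_style

def pkt(tag, body):                         # constructed sample packets, dummy bodies
    return bytes([0xC0 | tag, len(body)]) + body
GOOD = pkt(ONEPASS, b"\0" * 13) + pkt(LITERAL, b"b\0\0\0\0\0signed") + pkt(SIG, b"\0" * 8)
INJECTED = GOOD + pkt(LITERAL, b"b\0\0\0\0\0unsigned")
```

This is a structural filter only: a message that passes still needs its signature verified by a fixed GnuPG (1.4.2.2 or later).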
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/44560/gnupgDetect.txt
Source: https://packetstormsecurity.com/files/44560/gnupgDetect.txt.html