This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.
Apple Security Advisory 2019-3-25-1 - iOS 12.2 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.