There is an upstream report that while verifying PGP signature using crypt_use_gpgme=true, one can get segfault if the signature specify policy URL. In that case gpgme returns NULL signature notation name and mutt passes the NULL to strcmp() which leads to segfault. See <http://dev.mutt.org/trac/ticket/3574> for more details, especially for a reproducer and a proposed fix.
The upstream ticket is on the radar, I'm waiting a little time for the maintainers to hopefully push your patch so it's an easy one to bring over to the gentoo-1.5.21 branch.
Got tired of waiting, applied it in the meantime in 1.5.21-r9, thanks!