OTA update, signature verification failing

One possibility is that mbedTLS is running out of memory (though I’d expect that to show up in logs). Which memory scheme are you using for mbedTLS: Alternative ways of allocating memory in Mbed TLS — Mbed TLS documentation? If heap, you can map them to the FreeRTOS heap and enable the malloc failed hook to catch malloc failures.

The other thing to check is that the complete image is received and written correctly. Can you read the image back from flash and check that it is the same as the one sent from the cloud?
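A host-side sketch of the read-back comparison suggested in the reply above, added here as an example and not part of the original post or of any FreeRTOS tooling. It assumes the OTA flash region has already been dumped to the host and that erased flash reads 0xFF; `compare_image` and its report fields are hypothetical names.

```python
import hashlib

ERASED = 0xFF  # assumption: NOR-style flash that reads 0xFF once erased


def compare_image(sent: bytes, readback: bytes, block: int = 4096) -> dict:
    """Compare the image sent from the cloud with bytes read back from flash.

    `readback` may be a dump of the whole OTA partition, so only the first
    len(sent) bytes are compared.
    """
    n = len(sent)
    region = readback[:n]
    report = {
        "sent_sha256": hashlib.sha256(sent).hexdigest(),
        "flash_sha256": hashlib.sha256(region).hexdigest(),
        "match": region == sent,
        "first_diff": None,   # offset of the first differing byte
        "bad_blocks": [],     # indexes of `block`-sized chunks that differ
        "diagnosis": "identical",
    }
    if report["match"]:
        return report

    first = next((i for i, (a, b) in enumerate(zip(sent, region)) if a != b),
                 len(region))
    report["first_diff"] = first
    report["bad_blocks"] = [off // block for off in range(0, n, block)
                            if sent[off:off + block] != region[off:off + block]]
    tail = region[first:]
    if len(region) < n:
        report["diagnosis"] = "dump is shorter than the image"
    elif all(b == ERASED for b in tail):
        report["diagnosis"] = "write stopped early: flash is erased from first_diff on"
    else:
        report["diagnosis"] = "corrupted or misplaced block(s)"
    return report


if __name__ == "__main__":
    # Constructed sample data, not a real firmware image.
    sent = bytes(range(256)) * 64                      # 16 KiB "image"
    partial = sent[:10000] + bytes([ERASED]) * 10480   # download cut off
    for key, value in compare_image(sent, partial).items():
        print(f"{key}: {value}")
```

Any difference reported here is enough to make signature verification fail, since the signature covers every byte of the image.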