sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.
https://www.openssl.org/docs/manmaster/man3/EC_KEY_set_public_key_affine_coordinates.html