diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
index a9172b96ba..c56b9154f3 100644
--- a/.github/actions/spelling/allow.txt
+++ b/.github/actions/spelling/allow.txt
@@ -173,6 +173,7 @@ libbpg
 libc
 libcurl
 libdb
+libebml
 libexpat
 libgcrypt
 libical
diff --git a/README.md b/README.md
index 73e09d9ca1..cfe84b76fa 100644
--- a/README.md
+++ b/README.md
@@ -194,23 +194,24 @@ The following checkers are available for finding components in binary files:
 
 <!--CHECKERS TABLE BEGIN-->
 |   |  |  | Available checkers |  |  |  |
-|--------------- |------------ |--------------- |---------- |------------- |---------- |---------- |
+|--------------- |---------- |------------ |--------------- |---------- |------------- |---------- |
 | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap |
 | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus |
 | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius |
 | ftp |gcc |gimp |glibc |gnomeshell |gnupg |gnutls |
 | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell |
 | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive |
-| libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss |
-| librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 |libtiff |
-| libvirt |libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |
-| mdadm |memcached |mtr |mysql |nano |ncurses |nessus |
-| netpbm |nginx |node |ntp |open_vm_tools |openafs |openjpeg |
-| openldap |openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |
-| pigz |png |polarssl_fedora |poppler |postgresql |pspp |python |
-| qt |radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |
-| subversion |sudo |syslogng |systemd |tcpdump |trousers |varnish |
-| webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh |
+| libbpg |libdb |libebml |libgcrypt |libical |libjpeg_turbo |liblas |
+| libnss |librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 |
+| libtiff |libvirt |libvncserver |libxslt |lighttpd |logrotate |lua |
+| mariadb |mdadm |memcached |mtr |mysql |nano |ncurses |
+| nessus |netpbm |nginx |node |ntp |open_vm_tools |openafs |
+| openjpeg |openldap |openssh |openssl |openswan |openvpn |p7zip |
+| pcsc_lite |pigz |png |polarssl_fedora |poppler |postgresql |pspp |
+| python |qt |radare2 |rsyslog |samba |sane_backends |sqlite |
+| strongswan |subversion |sudo |syslogng |systemd |tcpdump |trousers |
+| varnish |webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib |
+| zsh | | | | | | |
 <!--CHECKERS TABLE END-->
 
 All the checkers can be found in the checkers directory, as can the
diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py
index 546bd5dda9..a9f44424c5 100644
--- a/cve_bin_tool/checkers/__init__.py
+++ b/cve_bin_tool/checkers/__init__.py
@@ -55,6 +55,7 @@
     "libarchive",
     "libbpg",
     "libdb",
+    "libebml",
     "libgcrypt",
     "libical",
     "libjpeg_turbo",
diff --git a/cve_bin_tool/checkers/libebml.py b/cve_bin_tool/checkers/libebml.py
new file mode 100644
index 0000000000..6c4825d66c
--- /dev/null
+++ b/cve_bin_tool/checkers/libebml.py
@@ -0,0 +1,21 @@
+# Copyright (C) 2022 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+"""
+CVE checker for libebml
+
+https://www.cvedetails.com/product/33126/Matroska-Libebml.html?vendor_id=7864
+
+"""
+
+from cve_bin_tool.checkers import Checker
+
+
+class LibebmlChecker(Checker):
+    CONTAINS_PATTERNS = []
+    FILENAME_PATTERNS = [r"libebml.so"]
+    VERSION_PATTERNS = [
+        r"libebml-([0-9]+\.[0-9]+\.[0-9]+)",
+        r"([0-9]+\.[0-9]+\.[0-9]+)\nUnknown\nEBMLVoid",  # This string may be brittle to changes in string ordering
+    ]
+    VENDOR_PRODUCT = [("matroska", "libebml")]
diff --git a/doc/MANUAL.md b/doc/MANUAL.md
index 06148ee9e1..ba004a0440 100644
--- a/doc/MANUAL.md
+++ b/doc/MANUAL.md
@@ -118,23 +118,24 @@ which is useful if you're trying the latest code from
 
 <!--CHECKERS TABLE BEGIN-->
 |   |  |  | Available checkers |  |  |  |
-|--------------- |------------ |--------------- |---------- |------------- |---------- |---------- |
+|--------------- |---------- |------------ |--------------- |---------- |------------- |---------- |
 | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap |
 | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus |
 | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius |
 | ftp |gcc |gimp |glibc |gnomeshell |gnupg |gnutls |
 | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell |
 | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive |
-| libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss |
-| librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 |libtiff |
-| libvirt |libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |
-| mdadm |memcached |mtr |mysql |nano |ncurses |nessus |
-| netpbm |nginx |node |ntp |open_vm_tools |openafs |openjpeg |
-| openldap |openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |
-| pigz |png |polarssl_fedora |poppler |postgresql |pspp |python |
-| qt |radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |
-| subversion |sudo |syslogng |systemd |tcpdump |trousers |varnish |
-| webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh |
+| libbpg |libdb |libebml |libgcrypt |libical |libjpeg_turbo |liblas |
+| libnss |librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 |
+| libtiff |libvirt |libvncserver |libxslt |lighttpd |logrotate |lua |
+| mariadb |mdadm |memcached |mtr |mysql |nano |ncurses |
+| nessus |netpbm |nginx |node |ntp |open_vm_tools |openafs |
+| openjpeg |openldap |openssh |openssl |openswan |openvpn |p7zip |
+| pcsc_lite |pigz |png |polarssl_fedora |poppler |postgresql |pspp |
+| python |qt |radare2 |rsyslog |samba |sane_backends |sqlite |
+| strongswan |subversion |sudo |syslogng |systemd |tcpdump |trousers |
+| varnish |webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib |
+| zsh | | | | | | |
 <!--CHECKERS TABLE END-->
 
 For a quick overview of usage and how it works, you can also see [the readme file](README.md).
diff --git a/test/condensed-downloads/libebml-1.3.9-1.el7.x86_64.rpm.tar.gz b/test/condensed-downloads/libebml-1.3.9-1.el7.x86_64.rpm.tar.gz
new file mode 100644
index 0000000000..1f25f909c6
Binary files /dev/null and b/test/condensed-downloads/libebml-1.3.9-1.el7.x86_64.rpm.tar.gz differ
diff --git a/test/condensed-downloads/libebml4v5_1.3.6-2_amd64.deb.tar.gz b/test/condensed-downloads/libebml4v5_1.3.6-2_amd64.deb.tar.gz
new file mode 100644
index 0000000000..e5c45643ce
Binary files /dev/null and b/test/condensed-downloads/libebml4v5_1.3.6-2_amd64.deb.tar.gz differ
diff --git a/test/test_data/libebml.py b/test/test_data/libebml.py
new file mode 100644
index 0000000000..a8d0116b67
--- /dev/null
+++ b/test/test_data/libebml.py
@@ -0,0 +1,30 @@
+# Copyright (C) 2021 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+    {
+        "product": "libebml",
+        "version": "1.3.9",
+        "version_strings": ["libebml-1.3.9"],
+    },
+    {
+        "product": "libebml",
+        "version": "1.3.6",
+        "version_strings": ["libebml-1.3.6"],
+    },
+]
+
+package_test_data = [
+    {
+        "url": "https://download-ib01.fedoraproject.org/pub/epel/7/x86_64/Packages/l/",
+        "package_name": "libebml-1.3.9-1.el7.x86_64.rpm",
+        "product": "libebml",
+        "version": "1.3.9",
+    },
+    {
+        "url": "http://ftp.de.debian.org/debian/pool/main/libe/libebml/",
+        "package_name": "libebml4v5_1.3.6-2_amd64.deb",
+        "product": "libebml",
+        "version": "1.3.6",
+    },
+]