How can it be hacked when I downloaded directly from Fedora Project page and they are the keeper of Epel repo?
Your method means that you will not get an update until the next time you bother to check. Installing rpms from who knows where is not good practice.
And because there is a method which then ensures you get timely updates from the repo.
For sure, you can use your method, but experience says that it will likely be your undoing at some future date when someone exploits your old package that you forgot to update. That's what hackers do - search for packages that people forgot about.
First would have been to ask if there was a usable repo seeing as the repo says 'epel' :
download-ib01.fedoraproject.org/pub/
epel/6/x86_64/Packages/o/openjpeg2-2.3.0-6.el6.x86_64.rpm
A search on the wiki would have helped you.
Running the commands that Mike provided and checking first would have also helped you.
/sbin/e-smith/audittools/repositories
/sbin/e-smith/audittools/newrpms
And you could have asked for someone to run
yum info openjpeg2
People spent a lot of time and thought on building a system to enable things to work as seamlessly as possible and to try and keep you safe, and to save you from yourself. Do please make use of it where you can.